PatchSiren cyber security CVE debrief
CVE-2025-31941 Growatt CVE debrief
CVE-2025-31941 affects the Growatt cloud portal and was published by CISA on 2025-04-15, with a later revision on 2025-05-06 for typo fixes. The advisory states that an unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Growatt’s remediation guidance says the cloud-based vulnerabilities were patched and that firmware updates are automatic, while also recommending stronger account security and multi-factor authentication where available.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using Growatt cloud portal deployments, especially administrators, installers, and operations teams managing connected smart devices. Security teams responsible for account hygiene, access control, and monitoring should also review this advisory.
Technical summary
The advisory describes an information disclosure issue affecting Growatt cloud portal versions <=3.6.0. The attack requires no authentication and no user interaction, but does require knowledge of a valid username. The supplied CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) aligns with a low confidentiality impact and no integrity or availability impact. CISA’s CSAF entry lists a single affected product family and points to vendor-provided mitigation steps rather than an exploit narrative.
Defensive priority
Moderate. The issue is network-reachable and unauthenticated, but the reported impact is limited to confidentiality and the advisory indicates the cloud vulnerabilities were patched. Priority should be driven by exposure of Growatt cloud portal accounts and the sensitivity of device inventory information.
Recommended defensive actions
- Confirm whether any environment uses Growatt cloud portal versions covered by the advisory (<=3.6.0).
- Apply Growatt-provided updates or confirm that automatic updates have completed.
- Review account security for Growatt cloud users, including strong passwords and multi-factor authentication where available.
- Monitor for unusual account activity or unexpected device-list access.
- Report security concerns to Growatt at [email protected], as recommended in the advisory.
Evidence notes
Primary evidence comes from CISA’s CSAF advisory ICSA-25-105-04 for CVE-2025-31941, which identifies the affected product as Growatt cloud portal <=3.6.0 and describes the issue as unauthenticated device-list access when a valid username is known. The advisory also includes the vendor remediation notes stating the cloud-based vulnerabilities were patched, with automatic updates and account-security recommendations. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, consistent with the stated impact.
Official resources
- CVE-2025-31941 CVE record (CVE.org)
- CVE-2025-31941 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA first published the advisory on 2025-04-15 and revised it on 2025-05-06 for typo fixes. This debrief uses the advisory publication date as the issue date and notes that no KEV entry is listed in the supplied data.