PatchSiren cyber security CVE debrief
CVE-2025-31945 Growatt CVE debrief
CVE-2025-31945 covers a Growatt cloud portal vulnerability in which an unauthenticated attacker can obtain other users' charger information. The advisory was initially published on 2025-04-15 and later revised on 2025-05-06 for typo fixes. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, while also recommending basic account-hardening and monitoring steps.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Owners, operators, and installers using Growatt cloud portal services, especially anyone responsible for charger fleet privacy, account security, or monitoring user-access activity.
Technical summary
According to the CISA CSAF advisory, the affected product is "Growatt Growatt cloud portal: <=3.6.0." The issue is described as an unauthenticated information-disclosure problem: an attacker without credentials can obtain other users' charger information. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, which aligns with a network-reachable, low-complexity confidentiality impact and no stated integrity or availability impact.
Defensive priority
Moderate. The flaw is unauthenticated and network-reachable, but the stated impact is limited to information disclosure rather than code execution or service disruption. Prioritize it for environments where charger telemetry or user-linked information is sensitive.
Recommended defensive actions
- Confirm whether your environment uses Growatt cloud portal versions at or below 3.6.0.
- Apply vendor updates and keep devices on the latest firmware version; Growatt says updates are automatic and no user action is needed.
- Review account security settings, use strong passwords, and enable multi-factor authentication where applicable.
- Monitor for unusual account or charger-access activity and investigate unexpected data exposure.
- Report security concerns to Growatt at [email protected].
- Follow CISA industrial control system recommended practices for account hygiene, monitoring, and defense in depth.
Evidence notes
Source evidence comes from CISA's CSAF advisory ICSA-25-105-04 for "Growatt Cloud Applications," published 2025-04-15 and revised 2025-05-06. The advisory states that an unauthenticated attacker can obtain other users' charger information and identifies the affected product as "Growatt Growatt cloud portal: <=3.6.0." Growatt's remediation text says the cloud-based vulnerabilities were patched and that no user action is needed; it also recommends firmware updates, strong passwords, MFA where applicable, and vigilance. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Official resources
- CVE-2025-31945 CVE record (CVE.org)
- CVE-2025-31945 NVD detail (NVD)
- Source item: cisa_csaf
CISA published the advisory on 2025-04-15 and issued a revision on 2025-05-06 for typo fixes. The CVE itself was first published on 2025-04-15; no later exploit or KEV status is indicated in the supplied corpus.