MEDIUM
SMA
CVE published 2025-03-20
CVE-2025-0731
CVE-2025-0731 describes an SMB Sunny Portal issue in which an unauthenticated remote attacker could upload a .aspx file instead of a PV system picture through the demo account. The advisory says any resulting code execution is limited to the security context of the user, and CISA’s remediation notes state the vulnerability was closed in the portal on 2024-12-19, before the advisory publication date.