CVE-2025-29757 Information
Jul 20, 2025
cve
Description
An incorrect authorisation check in the the ‘plant transfer’ function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
Reference
https://csirt.divd.nl/CVE-2025-29757 https://csirt.divd.nl/DIVD-2025-00011 https://oss.growatt.com https://server.growatt.com
Related CNNVD
CNNVD-202507-2498 (Published: 2025-07-19)
Share on: