CVE-2025-36743

SolarEdge SE3680H - Exposed Debug interface

CVE

CVE-2025-36743

Title

SolarEdge SE3680H - Exposed Debug interface

Credits

Hamid Rahmouni (ENCS) (finder)
Victor Pasman (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
SolarEdge SE3680H	>= 4.0 to < 4.22 (semver)
SolarEdge SE3680H		everything else

CVSS

Base score	8.6 - HIGH
Attack Vector	PHYSICAL
Attack Complexity>	LOW
Attack Requirements	NONE
Privileges Required	NONE
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Integrity Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Availability Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Safety impact	NOT_DEFINED
Automatable	NO
Recovery	NOT_DEFINED
Value Density	DIFFUSE
Vulnerability Response effort	NOT_DEFINED
Provider Urgency	NOT_DEFINED

References

https://csirt.divd.nl/CVE-2025-36743 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2025-00022/ ( third-party-advisory )

Problem type(s)

CWE‑1191 — On‑Chip Debug and Test Interface With Improper Access Control

Impact(s)

CAPEC-121 Exploit Non-Production Interfaces

Date published

Last modified

Description

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.

JSON version.

DIVD CSIRT

CVE-2025-36743

SolarEdge SE3680H - Exposed Debug interface

Description