CVE-2025-36745

SolarEdge SE3680H contains Linux Kernel vulnerabilities

CVE

CVE-2025-36745

Title

SolarEdge SE3680H contains Linux Kernel vulnerabilities

Credits

Alexandros Tokatlis (ENCS) (finder)
Victor Pasman (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
SolarEdge SE3680H	>= 4.0 to < 4.22 (semver)
SolarEdge SE3680H		everything else

CVSS

Base score	8.6 - HIGH
Attack Vector	PHYSICAL
Attack Complexity>	LOW
Attack Requirements	NONE
Privileges Required	NONE
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Integrity Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Availability Impact
Vulnerable system	HIGH	Subsequent systems	LOW
Safety impact	NEGLIGIBLE
Automatable	NOT_DEFINED
Recovery	NOT_DEFINED
Value Density	DIFFUSE
Vulnerability Response effort	NOT_DEFINED
Provider Urgency	NOT_DEFINED

References

https://csirt.divd.nl/CVE-2025-36745 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2025-00022/ ( third-party-advisory )

Problem type(s)

CWE-1104 — Use of Unmaintained Third Party Components

Impact(s)

Date published

Last modified

Description

SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.

JSON version.

DIVD CSIRT

CVE-2025-36745

SolarEdge SE3680H contains Linux Kernel vulnerabilities

Description