CVE-2025-36757

Bypass of administrator login screen in SolaX Cloud

CVE

CVE-2025-36757

Title

Bypass of administrator login screen in SolaX Cloud

Credits

Humza Ahmad (finder)
Max van der Horst (analyst)

Affected products

Product	Affected	Unaffected	Unknown
SolaX Power SolaX Cloud	= before 27-06-2025 ()
SolaX Power SolaX Cloud		everything else

CVSS

Base score	6.3 - MEDIUM
Attack Vector	NETWORK
Attack Complexity>	LOW
Attack Requirements	PRESENT
Privileges Required	NONE
Confidentiality Impact
Vulnerable system	LOW	Subsequent systems	NONE
Integrity Impact
Vulnerable system	NONE	Subsequent systems	NONE
Availability Impact
Vulnerable system	NONE	Subsequent systems	NONE
Safety impact	NOT_DEFINED
Automatable	NOT_DEFINED
Recovery	NOT_DEFINED
Value Density	NOT_DEFINED
Vulnerability Response effort	NOT_DEFINED
Provider Urgency	NOT_DEFINED

References

https://csirt.divd.nl/CVE-2025-36757 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2025-00015 ( third-party-advisory )

Problem type(s)

CWE-306 Missing Authentication for Critical Function

Date published

Last modified

Description

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

JSON version.

DIVD CSIRT

CVE-2025-36757

Bypass of administrator login screen in SolaX Cloud

Description