CVE-2025-36759

Sensitive Information Disclosure in SolaX Cloud

CVE

CVE-2025-36759

Title

Sensitive Information Disclosure in SolaX Cloud

Credits

Humza Ahmad (finder)
Max van der Horst (analyst)

Affected products

Product	Affected	Unaffected	Unknown
SolaX Power SolaX Cloud	= before 27-06-2025 ()
SolaX Power SolaX Cloud		everything else

CVSS

Base score	8.7 - HIGH
Attack Vector	NETWORK
Attack Complexity>	LOW
Attack Requirements	NONE
Privileges Required	NONE
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Integrity Impact
Vulnerable system	NONE	Subsequent systems	NONE
Availability Impact
Vulnerable system	NONE	Subsequent systems	NONE
Safety impact	NOT_DEFINED
Automatable	NOT_DEFINED
Recovery	NOT_DEFINED
Value Density	NOT_DEFINED
Vulnerability Response effort	NOT_DEFINED
Provider Urgency	NOT_DEFINED

References

https://csirt.divd.nl/CVE-2025-36759 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2025-00015 ( third-party-advisory )

Problem type(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Date published

Last modified

Description

Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.

JSON version.

DIVD CSIRT

CVE-2025-36759

Sensitive Information Disclosure in SolaX Cloud

Description