CVE-2025-29757
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-19

Last updated on: 2025-07-22

Assigner: Dutch Institute for Vulnerability Disclosure

Description
An incorrect authorisation check in the theΒ 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-19
Last Modified
2025-07-22
Generated
2026-05-07
AI Q&A
2025-07-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-29757
EUVD
EUVD-2025-21950
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
growatt cloud_service *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an incorrect authorization check in the 'plant transfer' function of the Growatt cloud service. It allows a malicious attacker who has a valid account to transfer any plant into their own account without proper permission.


How can this vulnerability impact me? :

This vulnerability can lead to unauthorized control over plants in the Growatt cloud service, potentially allowing attackers to manipulate or take over plants that do not belong to them, which could result in loss of control, data integrity issues, or service disruption.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart