Bypass of administrator login screen in SolaX Cloud_CVE-2025-36757

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

Basic Information

ID CVE-2025-36757

Source DIVD

Published Sep 10, 2025 at 08:50

Affected Product

Vendor SolaX Power

Product SolaX Cloud

Version before 27-06-2025

Affected Versions SolaX Power SolaX Cloud before 27-06-2025

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.",
    "published": "2025-09-10T08:50:55.697Z",
    "modified": "2025-09-10T08:50:55.697Z",
    "type": "cve",
    "title": "Bypass of administrator login screen in SolaX Cloud",
    "source": "DIVD",
    "references": "https://csirt.divd.nl/CVE-2025-36757\nhttps://csirt.divd.nl/DIVD-2025-00015",
    "id": "CVE-2025-36757",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SolaX Power SolaX Cloud before 27-06-2025",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SolaX Cloud",
    "version": "before 27-06-2025",
    "vendor": "SolaX Power",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}