
Description

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-10 | Updated 2025-09-10 | Assigner DIVD




MEDIUM: 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unaffected

before 27-06-2025: affected

Credits

Humza Ahmad (finder)

Max van der Horst (analyst)

References

csirt.divd.nl/CVE-2025-36757 third-party-advisory

csirt.divd.nl/DIVD-2025-00015 third-party-advisory

cve.org (CVE-2025-36757)

nvd.nist.gov (CVE-2025-36757)
