Home

Description

Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-10 | Updated 2025-09-10 | Assigner DIVD




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

before 27-06-2025
affected

Credits

Humza Ahmad finder

Max van der Horst analyst

References

csirt.divd.nl/CVE-2025-36759 third-party-advisory

csirt.divd.nl/DIVD-2025-00015 third-party-advisory

cve.org (CVE-2025-36759)

nvd.nist.gov (CVE-2025-36759)

Download JSON