CVE-2025-36759 | THREATINT

Description

Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-10 | Updated 2025-09-10 | Assigner DIVD

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

before 27-06-2025

affected

Credits

Humza Ahmad finder

Max van der Horst analyst

References

csirt.divd.nl/CVE-2025-36759 third-party-advisory

csirt.divd.nl/DIVD-2025-00015 third-party-advisory

cve.org (CVE-2025-36759)

nvd.nist.gov (CVE-2025-36759)

Download JSON