CVE-2025-36757
MEDIUMSolaX Cloud - Unauthenticated Administrator Login Bypass via Parameter Tampering
Title source: llmDescription
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://csirt.divd.nl/CVE-2025-36757
Various Sources third-party-advisory
https://csirt.divd.nl/DIVD-2025-00015
Scores
CVSS v4
6.3
EPSS
0.0031
EPSS Percentile
22.9%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
SolaX Power/SolaX Cloud
before 27-06-2025
Published
Sep 10, 2025
Tracked Since
Feb 18, 2026