An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Apr 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Apr 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. | |
Title | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published: 2025-04-15T21:23:08.714Z
Updated: 2025-04-16T15:08:10.427Z
Reserved: 2025-04-01T17:32:00.680Z
Link: CVE-2025-27565

Updated: 2025-04-16T14:59:23.999Z

Status : Awaiting Analysis
Published: 2025-04-15T22:15:19.867
Modified: 2025-04-16T13:25:37.340
Link: CVE-2025-27565

No data.