Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36757

Summary
Assigner-DIVD
Assigner Org ID-b87402ff-ae37-4194-9dae-31abdbd6f217
Published At-10 Sep, 2025 | 08:50
Updated At-10 Sep, 2025 | 18:50
Rejected At-
Credits

Bypass of administrator login screen in SolaX Cloud

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:DIVD
Assigner Org ID:b87402ff-ae37-4194-9dae-31abdbd6f217
Published At:10 Sep, 2025 | 08:50
Updated At:10 Sep, 2025 | 18:50
Rejected At:
▼CVE Numbering Authority (CNA)
Bypass of administrator login screen in SolaX Cloud

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

Affected Products
Vendor
SolaX Power
Product
SolaX Cloud
Default Status
unaffected
Versions
Affected
  • before 27-06-2025
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.06.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Humza Ahmad
analyst
Max van der Horst
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://csirt.divd.nl/CVE-2025-36757
third-party-advisory
https://csirt.divd.nl/DIVD-2025-00015
third-party-advisory
Hyperlink: https://csirt.divd.nl/CVE-2025-36757
Resource:
third-party-advisory
Hyperlink: https://csirt.divd.nl/DIVD-2025-00015
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:csirt@divd.nl
Published At:10 Sep, 2025 | 09:15
Updated At:11 Sep, 2025 | 17:14

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Secondarycsirt@divd.nl
CWE ID: CWE-306
Type: Secondary
Source: csirt@divd.nl
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://csirt.divd.nl/CVE-2025-36757csirt@divd.nl
N/A
https://csirt.divd.nl/DIVD-2025-00015csirt@divd.nl
N/A
Hyperlink: https://csirt.divd.nl/CVE-2025-36757
Source: csirt@divd.nl
Resource: N/A
Hyperlink: https://csirt.divd.nl/DIVD-2025-00015
Source: csirt@divd.nl
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-36756
Matching Score-6
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-6
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-5.8||MEDIUM
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 08:50
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Device Takeover vulnerability in SolaX Cloud

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.

Action-Not Available
Vendor-SolaX Power
Product-SolaX Cloud
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2026-6736
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 33.85%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 21:14
Updated-11 May, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce the authentication restriction, allowing account creation and session establishment without identity provider validation. The created account was limited to the default base permissions configured on the instance. Exploitation required network access to a GHES instance configured with an external authentication provider. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-306
Missing Authentication for Critical Function
Details not found