CVE-2025-29757 - Vulnerability Details - OpenCVE

An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://csirt.divd.nl/CVE-2025-29757
https://csirt.divd.nl/DIVD-2025-00011
https://oss.growatt.com
https://server.growatt.com

History

Mon, 21 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 19 Jul 2025 05:30:00 +0000

Type	Values Removed	Values Added
Description		An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
Weaknesses		CWE-863
References		https://csirt.divd.nl/CVE-2025-29757 https://csirt.divd.nl/DIVD-2025-00011 https://oss.growatt.com https://server.growatt.com
Metrics		cvssV4_0 `{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/S:P/V:C'}`

MITRE

Status: PUBLISHED

Assigner: DIVD

Published: 2025-07-19T05:15:36.810Z

Updated: 2025-07-22T10:05:55.465Z

Reserved: 2025-03-11T13:40:29.272Z

Link: CVE-2025-29757

Vulnrichment

Updated: 2025-07-21T15:38:03.556Z

NVD

Status : Awaiting Analysis

Published: 2025-07-19T06:15:23.850

Modified: 2025-07-22T13:06:07.260

Link: CVE-2025-29757

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-29757", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2025-03-11T13:40:29.272Z", "datePublished": "2025-07-19T05:15:36.810Z", "dateUpdated": "2025-07-22T10:05:55.465Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "https://oss.growatt.com", "vendor": "Growatt", "versions": [{"lessThan": "13 Jun 2025", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "https://server.growatt.com", "vendor": "Growatt", "versions": [{"lessThan": "13 June 2025", "status": "affected", "version": "0", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Humza Ahmad"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk (DIVD)"}], "datePublic": "2025-07-09T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."}], "value": "An incorrect authorisation check in the the\u00a0'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."}], "impacts": [{"capecId": "CAPEC-395", "descriptions": [{"lang": "en", "value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/S:P/V:C", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-07-22T10:05:55.465Z"}, "references": [{"tags": ["product"], "url": "https://server.growatt.com"}, {"tags": ["product"], "url": "https://oss.growatt.com"}, {"tags": ["third-party-advisory"], "url": "https://csirt.divd.nl/CVE-2025-29757"}, {"tags": ["third-party-advisory"], "url": "https://csirt.divd.nl/DIVD-2025-00011"}], "source": {"advisory": "DIVD-2025-00011", "discovery": "EXTERNAL"}, "tags": ["exclusively-hosted-service"], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T15:37:51.011826Z", "id": "CVE-2025-29757", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T15:38:13.225Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-29757", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-21T15:37:51.011826Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T15:38:03.556Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "source": {"advisory": "DIVD-2025-00011", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Humza Ahmad"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk (DIVD)"}], "impacts": [{"capecId": "CAPEC-395", "descriptions": [{"lang": "en", "value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/S:P/V:C", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Growatt", "product": "https://oss.growatt.com", "versions": [{"status": "affected", "version": "0", "lessThan": "13 Jun 2025", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Growatt", "product": "https://server.growatt.com", "versions": [{"status": "affected", "version": "0", "lessThan": "13 June 2025", "versionType": "date"}], "defaultStatus": "unaffected"}], "datePublic": "2025-07-09T22:00:00.000Z", "references": [{"url": "https://server.growatt.com", "tags": ["product"]}, {"url": "https://oss.growatt.com", "tags": ["product"]}, {"url": "https://csirt.divd.nl/CVE-2025-29757", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2025-00011", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An incorrect authorisation check in the the\u00a0'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.", "supportingMedia": [{"type": "text/html", "value": "An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-07-19T05:15:36.810Z"}}}, "cveMetadata": {"cveId": "CVE-2025-29757", "state": "PUBLISHED", "dateUpdated": "2025-07-21T15:38:13.225Z", "dateReserved": "2025-03-11T13:40:29.272Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2025-07-19T05:15:36.810Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "csirt@divd.nl", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "An incorrect authorisation check in the the\u00a0'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."}, {"lang": "es", "value": "Una verificaci\u00f3n de autorizaci\u00f3n incorrecta en la funci\u00f3n de \"transferencia de planta\" del servicio en la nube Growatt permiti\u00f3 a un atacante malicioso con una cuenta v\u00e1lida transferir cualquier planta a su cuenta."}], "id": "CVE-2025-29757", "lastModified": "2025-07-22T13:06:07.260", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:C/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "csirt@divd.nl", "type": "Secondary"}]}, "published": "2025-07-19T06:15:23.850", "references": [{"source": "csirt@divd.nl", "url": "https://csirt.divd.nl/CVE-2025-29757"}, {"source": "csirt@divd.nl", "url": "https://csirt.divd.nl/DIVD-2025-00011"}, {"source": "csirt@divd.nl", "url": "https://oss.growatt.com"}, {"source": "csirt@divd.nl", "url": "https://server.growatt.com"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "csirt@divd.nl", "type": "Secondary"}]}