All news with #soliscloud tag

SolisCloud API Authorization Bypass Affects Monitoring

⚠️ CISA warns of an authorization bypass (IDOR) in the SolisCloud Monitoring Platform affecting Cloud API and Device Control API v1 and v2. An authenticated user can access detailed plant data by manipulating the plant_id parameter, exposing sensitive information. The issue is tracked as CVE-2025-13932 with a CVSS v4 score of 8.3 and is remotely exploitable with low complexity. SolisCloud has not engaged with CISA; users should limit network exposure and follow CISA mitigation guidance.