Vulnerability Description
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13932?
CVE-2025-13932 is a documented vulnerability. The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
How severe is CVE-2025-13932?
CVSS scoring is not yet available for CVE-2025-13932. Check NVD for updates.
Is there a patch for CVE-2025-13932?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.