Vulnerability Description
An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account.
Related Weaknesses (CWE)
References
- https://csirt.divd.nl/CVE-2025-29757
- https://csirt.divd.nl/DIVD-2025-00011
- https://oss.growatt.com
- https://server.growatt.com
FAQ
What is CVE-2025-29757?
CVE-2025-29757 is a documented vulnerability. An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account.
How severe is CVE-2025-29757?
CVSS scoring is not yet available for CVE-2025-29757. Check NVD for updates.
Is there a patch for CVE-2025-29757?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.