CVE-2025-36750 — MEDIUM (5.4)

Q: How severe is CVE-2025-36750?

CVE-2025-36750 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-36750?

Check the references section above for vendor advisories and patch information. Affected products include: Growatt Shine Lan-X Firmware, Growatt Shine Lan-X.

Vulnerability Description

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Growatt	Shine Lan-X Firmware	>= 3.6.0.0, < 3.6.0.2
Growatt	Shine Lan-X	-

Related Weaknesses (CWE)

CWE-79

References

https://csirt.divd.nl/CVE-2025-36750/Third Party Advisory

FAQ

What is CVE-2025-36750?

CVE-2025-36750 is a vulnerability with a CVSS score of 5.4 (MEDIUM). ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers...

How severe is CVE-2025-36750?

CVE-2025-36750 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-36750?

Check the references section above for vendor advisories and patch information. Affected products include: Growatt Shine Lan-X Firmware, Growatt Shine Lan-X.