CVE-2025-29757

EUVD-2025-21950
An incorrect authorisation check in the theĀ 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Common Weakness Enumeration
References
https://csirt.divd.nl/CVE-2025-29757
https://csirt.divd.nl/DIVD-2025-00011
https://oss.growatt.com
https://server.growatt.com