CVE-2025-36744

EUVD-2025-203083
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.4 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
solaredgese3680h_firmware
4.0 ≤
𝑥
< 4.22
𝑥
= Vulnerable software versions
References
https://csirt.divd.nl/CVE-2025-36744
https://csirt.divd.nl/DIVD-2025-00022/