Back to search
CVE-2025-13932
Published: Dec 4, 2025
Modified: Dec 5, 2025
PUBLISHED
Description
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
| Vendor | Product | Versions |
|---|---|---|
SolisCloud | Monitoring Platform (Cloud API & Device Control API) | affected API v1affected API v2 |
Weaknesses (CWE)
References
url
government-resource
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now