CVE-2025-29757

Published: Jul 19, 2025

Modified: Jul 22, 2025

PUBLISHED

Description

An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.

Vendor	Product	Versions
Growatt	https://oss.growatt.com	affected `0 - < 13 Jun 2025`
Growatt	https://server.growatt.com	affected `0 - < 13 June 2025`

Weaknesses (CWE)

CWE-863

References

https://server.growatt.com

product

https://oss.growatt.com

product

https://csirt.divd.nl/CVE-2025-29757

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00011

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-29757

Description

Affected Products

Weaknesses (CWE)

References