6.9
CVE-2025-31950 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
6.9
CVE-2025-31945 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain other users' charger information.
6.9
CVE-2025-26857 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
0.0
CVE-2025-31942 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
6.9
CVE-2025-27719 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can query an API endpoint and get device details.
6.9
CVE-2025-31654 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
6.9
CVE-2025-30514 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
6.9
CVE-2025-27938 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
6.9
CVE-2025-27939 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can change registered email addresses of other users and take over arbitrary accounts.
7.8
CVE-2025-1274 - RCS File Parsing Out-of-Bounds Write Vulnerability
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.