CVE-2025-36752 · CRITICAL 9.8 · EPSS p20.1%


Description

The Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials, which allows a significant level of access to the device, such as allowing any attacker to access the Setting Center. This is effectively a backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% probability of exploitation · percentile 20.1% · 2026-06-19T12:03:05Z
Published: 2025-12-13
Last modified: 2026-01-14

Underlying weaknesses · 1

CWE-798

References

  1. https://csirt.divd.nl/CVE-2025-36752/


Type | Target | Confidence | Tier
Weakness | Use of Hard-coded Credentials cwe-798 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-36753
CVE-2025-36747
CVE-2025-26410
CVE-2025-41682
CVE-2025-1242
CVE-2026-20998
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.