The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2025-12-04 22:15
Updated : 2025-12-08 18:27
NVD link : CVE-2025-13932
Mitre link : CVE-2025-13932
CVE.ORG link : CVE-2025-13932
JSON object : View
Products Affected
No product.
CWE
CWE-639
Authorization Bypass Through User-Controlled Key