CVE-2025-36744

low

Description

SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information.

References

https://csirt.divd.nl/DIVD-2025-00022/

https://csirt.divd.nl/CVE-2025-36744

Details

Source: Mitre, NVD

Published: 2025-12-12

Updated: 2025-12-23

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 2.4

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Low

CVSS v4

Base Score: 2.4

Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00018