SolarEdge SE3680H CVE-2025-36745
HIGHSeverity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.
AnalysisAI
Physical access to SolarEdge SE3680H solar inverters allows privilege escalation, remote code execution, and information disclosure through unpatched Linux kernel vulnerabilities. Reported by DIVD CSIRT, this affects SE3680H firmware running outdated kernel subsystems. While CVSS 4.0 scores 7.0 with physical attack vector (AV:P), the presence of RCE and privilege escalation tags indicates high impact once physical proximity is achieved. No EPSS score, KEV listing, or public exploit identified at time of analysis, suggesting limited current exploitation risk for typical deployment scenarios.
Technical ContextAI
The SolarEdge SE3680H is a residential solar photovoltaic inverter running embedded Linux firmware. The vulnerability stems from shipping with an obsolete Linux kernel containing known security flaws in core subsystems (networking, process management, memory handling, or device drivers). The CVSS 4.0 vector confirms physical attack prerequisite (AV:P) with low complexity (AC:L), indicating attackers require direct hardware access to USB, serial console, or physical network ports on the inverter. Once accessed, kernel-level vulnerabilities enable breaking out of application sandboxes, escalating to root privileges, executing arbitrary code in kernel space, or reading protected memory regions. Solar inverters are typically installed in outdoor or semi-secure locations (rooftops, utility closets), making physical access feasible for motivated attackers during installation, maintenance windows, or via insider threat scenarios.
RemediationAI
Apply SolarEdge firmware update addressing outdated kernel components when vendor releases patched version. Monitor SolarEdge security bulletins and DIVD advisory DIVD-2025-00022 (https://csirt.divd.nl/DIVD-2025-00022/) for patch availability and specific fix version. Until patched firmware is available, implement physical security controls: restrict physical access to inverter installation locations through locked enclosures or secured facilities, implement video surveillance of inverter locations, maintain visitor logs for maintenance access, and disable unused physical ports (USB, serial console) if operationally feasible. For networked inverter deployments, isolate inverter management networks from corporate IT networks using VLANs or air-gapping to contain post-exploitation lateral movement. Note that disabling network connectivity may impact remote monitoring capabilities and require on-site performance checks. Review access procedures for installation and maintenance contractors to minimize insider threat exposure. These controls mitigate physical attack vector but do not address underlying kernel vulnerabilities.
Share
External POC / Exploit Code
Leaving vuln.today