Skip to main content

SolarEdge SE3680H CVE-2025-36745

HIGH
2025-12-12 csirt@divd.nl
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
N

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:16 vuln.today

DescriptionCVE.org

SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.

AnalysisAI

Physical access to SolarEdge SE3680H solar inverters allows privilege escalation, remote code execution, and information disclosure through unpatched Linux kernel vulnerabilities. Reported by DIVD CSIRT, this affects SE3680H firmware running outdated kernel subsystems. While CVSS 4.0 scores 7.0 with physical attack vector (AV:P), the presence of RCE and privilege escalation tags indicates high impact once physical proximity is achieved. No EPSS score, KEV listing, or public exploit identified at time of analysis, suggesting limited current exploitation risk for typical deployment scenarios.

Technical ContextAI

The SolarEdge SE3680H is a residential solar photovoltaic inverter running embedded Linux firmware. The vulnerability stems from shipping with an obsolete Linux kernel containing known security flaws in core subsystems (networking, process management, memory handling, or device drivers). The CVSS 4.0 vector confirms physical attack prerequisite (AV:P) with low complexity (AC:L), indicating attackers require direct hardware access to USB, serial console, or physical network ports on the inverter. Once accessed, kernel-level vulnerabilities enable breaking out of application sandboxes, escalating to root privileges, executing arbitrary code in kernel space, or reading protected memory regions. Solar inverters are typically installed in outdoor or semi-secure locations (rooftops, utility closets), making physical access feasible for motivated attackers during installation, maintenance windows, or via insider threat scenarios.

RemediationAI

Apply SolarEdge firmware update addressing outdated kernel components when vendor releases patched version. Monitor SolarEdge security bulletins and DIVD advisory DIVD-2025-00022 (https://csirt.divd.nl/DIVD-2025-00022/) for patch availability and specific fix version. Until patched firmware is available, implement physical security controls: restrict physical access to inverter installation locations through locked enclosures or secured facilities, implement video surveillance of inverter locations, maintain visitor logs for maintenance access, and disable unused physical ports (USB, serial console) if operationally feasible. For networked inverter deployments, isolate inverter management networks from corporate IT networks using VLANs or air-gapping to contain post-exploitation lateral movement. Note that disabling network connectivity may impact remote monitoring capabilities and require on-site performance checks. Review access procedures for installation and maintenance contractors to minimize insider threat exposure. These controls mitigate physical attack vector but do not address underlying kernel vulnerabilities.

Share

CVE-2025-36745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy