CVSS
No CVSS.
T
he SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
References
Configurations
No configuration.
History
08 Dec 2025, 18:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-04 22:15
Updated : 2025-12-08 18:27
NVD link : CVE-2025-13932
Mitre link : CVE-2025-13932
CVE.ORG link : CVE-2025-13932
JSON object : View
Products Affected
No product.
CWE
CWE-639
Authorization Bypass Through User-Controlled Key