CVE-2025-29756

MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters

Description

SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.

Remediation

Solution:

iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable.

References

Link	Tags
https://csirt.divd.nl/CVE-2025-29756	third party advisory technical description
https://csirt.divd.nl/DIVD-2025-00009	third party advisory
https://isolarcloud.com	product

Frequently Asked Questions

What is the severity of CVE-2025-29756?: CVE-2025-29756 has been scored as a high severity vulnerability.
How to fix CVE-2025-29756?: To fix CVE-2025-29756: iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable.
Is CVE-2025-29756 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-29756 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-29756?: CVE-2025-29756 affects SunGrow iSolarCloud.

Description

Remediation

Category

CWE-862 – Missing Authorization

References

Frequently Asked Questions