Critical severityNVD Advisory· Published Jul 19, 2025· Updated Apr 15, 2026

CVE-2025-29757

Description

An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

csirt.divd.nl/CVE-2025-29757nvd
csirt.divd.nl/DIVD-2025-00011nvd
oss.growatt.comnvd
server.growatt.comnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000