Medium severity6.9NVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026

CVE-2025-52586

Description

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

eg4electronics.com/contact/nvd
eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Firmware-Update.pdfnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-219-07nvd

News mentions

No linked articles in our index yet.

cvss	0.449
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000