
SolisCloud Monitoring Platform

Published: 4 December 2025 at 12:00:00

Alert date: 5 December 2025 at 08:03:22

Source: cisa.gov


A CISA advisory warns of a critical authorization bypass vulnerability (CVE-2025-13932) in the SolisCloud Monitoring Platform APIs. The vulnerability allows authenticated users to access sensitive data from any plant by manipulating plant_id parameters in API requests. This affects both Cloud API and Device Control API versions 1 and 2, with CVSS scores of 7.7 (v3.1) and 8.3 (v4). The vulnerability enables Insecure Direct Object Reference (IDOR) attacks against energy sector infrastructure worldwide. SolisCloud has not responded to CISA's coordination efforts for mitigation.
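The authorization gap described above, shown as an added Python illustration that is not taken from the advisory or from SolisCloud code. The handler names, the `Session` type and the plant records are hypothetical and constructed for this example; it contrasts a handler that trusts the supplied plant_id with one that enforces object-level authorization.

```python
# Added illustration: all names and data are hypothetical, not SolisCloud's API.
from dataclasses import dataclass

# Constructed sample data: plant records and the account that owns each plant.
PLANTS = {
    "1001": {"owner": "alice", "daily_kwh": 42.5},
    "1002": {"owner": "bob", "daily_kwh": 17.0},
}


@dataclass(frozen=True)
class Session:
    user: str  # identity established by authentication, never by request input


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested plant."""


def get_plant_unchecked(session: Session, plant_id: str) -> dict:
    # Flawed pattern: the caller is authenticated, but the record named by
    # plant_id is returned without checking that it belongs to the caller.
    return PLANTS[plant_id]


def get_plant_checked(session: Session, plant_id: str) -> dict:
    # Object-level authorization: look up the record, then compare its owner
    # with the authenticated identity. Unknown and foreign ids raise the same
    # error, so the response does not reveal which plant ids exist.
    plant = PLANTS.get(plant_id)
    if plant is None or plant["owner"] != session.user:
        raise Forbidden(plant_id)
    return plant


def is_denied(session: Session, plant_id: str) -> bool:
    # Helper for callers and tests: True when the checked handler refuses.
    try:
        get_plant_checked(session, plant_id)
    except Forbidden:
        return True
    return False
```

The same ownership comparison has to run on every endpoint that accepts a plant identifier, since the advisory lists both the Cloud API and the Device Control API as affected.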

Technical details

Mitigation steps:

Affected products:

SolisCloud Monitoring Platform

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
