CVE-2025-26473

7.5 HIGH

📋 TL;DR

The Mojave Inverter's web interface transmits sensitive information in the query string of HTTP GET requests. Because the full URL of a GET request is recorded in web server logs, proxy logs and browser history (and may be forwarded in a Referer header), credentials or configuration data sent this way are exposed to anyone who can read those records or observe the traffic. Organizations running Outback Power Mojave Inverter systems in the default configuration are affected.

💻 Affected Systems

Products:
  • Outback Power Mojave Inverter
Versions: All versions prior to patched release
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable in default configuration when web interface is enabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers who can observe HTTP traffic to the inverter, or read a log, proxy record or browser history that captured it, obtain authentication tokens or configuration data from GET URLs, gain unauthorized access to the inverter's controls, and can then manipulate power output or steal sensitive operational data.

🟠

Likely Case

Information disclosure of sensitive inverter configuration parameters or credentials through web server logs, proxy logs, or browser history, enabling reconnaissance for further attacks.

🟢

If Mitigated

Limited exposure with proper network segmentation and monitoring, though sensitive data may still be visible in internal logs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access to the inverter's web interface, or the ability to intercept its HTTP traffic or read a log, proxy record or browser history in which the GET URLs were recorded. No interactive session with the device is needed to read a URL that has already been logged.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Outback Power for the specific firmware version

CISA Advisory (ICSA-25-044-17): https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17

Restart Required: Yes

Instructions:

1. Contact Outback Power for updated firmware.
2. Back up the current configuration.
3. Apply the firmware update via the web interface or a local connection.
4. Verify functionality after the update, and confirm that login and configuration changes no longer place sensitive values in GET URLs.

🔧 Temporary Workarounds

Disable Web Interface (applies to: all)

Temporarily disable the web management interface if it is not required for operations. This removes the exposure entirely while the interface is off.

Network Segmentation (applies to: all)

Isolate the inverter management network from the general corporate network, so that only designated management workstations can reach the web interface. Note that segmentation limits who can observe the traffic; the URLs are still written to the device's logs and to the browser history of any workstation used to manage it.

🧯 If You Can't Patch

  • Implement strict network access controls (firewall rules, jump host) to limit who can reach the inverter web interface
  • Place a reverse proxy or web application firewall in front of the inverter to terminate HTTPS toward clients and to filter and monitor HTTP traffic; configure it not to record query strings in its own logs. This reduces on-wire and log exposure but does not fix the device: the hop between the proxy and the inverter still carries the sensitive values in the URL
  • Restrict and regularly clear browser history on management workstations, and restrict read access to any web server or proxy logs that capture inverter URLs

🔍 How to Verify

Check if Vulnerable:

Capture traffic between a management workstation and the inverter (for example with an intercepting proxy or tcpdump) while logging in and changing settings. If credentials or configuration values appear in the query string of a GET request, the device is vulnerable. Finding the same URLs in the device's or an upstream proxy's access log confirms the exposure.

Check Version:

Check firmware version via inverter web interface or local display

Verify Fix Applied:

After patching, repeat the capture and confirm that credentials and configuration values travel in a POST body (or request headers) rather than in the URL, and that the interface is served over HTTPS. A POST over plain HTTP keeps the values out of URL-based logs and history but still exposes them to anyone on the network path.
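To make the difference concrete, here is an added illustration (not Outback Power's code, and not taken from the advisory) of why credentials carried in a GET query string land in an access log while the same credentials in a POST body do not. It starts a throwaway HTTP server on loopback with two hypothetical login endpoints, captures the server's own access log in memory, and reports which log lines contain the demo password. The endpoint names, the credential check and the credential values are all constructed for the example.

```python
"""Added illustration (not Outback Power code): why credentials in a GET query
string end up in access logs, and why moving them to a POST body does not.

A throwaway HTTP server on loopback exposes two login endpoints with the same
hypothetical credential check:
  /login-get   credentials in the URL query string (the vulnerable pattern)
  /login-post  credentials in the request body  (the corrected pattern)
Its access log is captured in memory so the difference can be inspected.
"""
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo credential; alphanumeric so it appears verbatim in the URL.
DEMO_USER = "admin"
DEMO_PASSWORD = "Tr0ubad0ur"


class LoginHandler(BaseHTTPRequestHandler):
    access_log = []  # lines the stdlib server would otherwise write to stderr

    def log_message(self, fmt, *args):
        # Same text a real access log records: "METHOD target HTTP/x.y" status size
        self.access_log.append(fmt % args)

    def _check(self, params):
        ok = (params.get("user", [""])[0] == DEMO_USER
              and params.get("password", [""])[0] == DEMO_PASSWORD)
        self.send_response(200 if ok else 401)
        self.end_headers()
        self.wfile.write(b"ok" if ok else b"denied")

    def do_GET(self):
        # Vulnerable pattern: the secret is part of self.path, which is logged.
        url = urllib.parse.urlsplit(self.path)
        if url.path != "/login-get":
            self.send_error(404)
            return
        self._check(urllib.parse.parse_qs(url.query))

    def do_POST(self):
        # Corrected pattern: the secret is in the body, which access logs omit.
        if self.path != "/login-post":
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length).decode()
        self._check(urllib.parse.parse_qs(body))


def login_via_get(base):
    query = urllib.parse.urlencode({"user": DEMO_USER, "password": DEMO_PASSWORD})
    with urllib.request.urlopen(f"{base}/login-get?{query}") as resp:
        return resp.status


def login_via_post(base):
    body = urllib.parse.urlencode({"user": DEMO_USER, "password": DEMO_PASSWORD}).encode()
    with urllib.request.urlopen(f"{base}/login-post", data=body) as resp:
        return resp.status


def demo():
    """Log in both ways; return (get_status, post_status, log lines containing the password)."""
    LoginHandler.access_log.clear()
    server = HTTPServer(("127.0.0.1", 0), LoginHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        get_status = login_via_get(base)
        post_status = login_via_post(base)
    finally:
        server.shutdown()
        server.server_close()
    leaked = [line for line in LoginHandler.access_log if DEMO_PASSWORD in line]
    return get_status, post_status, leaked


if __name__ == "__main__":
    for line in demo()[2]:
        print("leaked in access log:", line)
```

Both logins succeed, but only the GET leaves the password in the log: the server records the request line verbatim, and the query string is part of it. The POST line shows just the path. The same distinction is what the post-patch capture should confirm, with HTTPS added on top so the body is not readable on the wire either.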

📡 Detection & Monitoring

Log Indicators:

  • GET request lines whose query strings contain parameter names such as password, passwd, token, key or secret, or configuration values, in web server, proxy or WAF logs
  • The inverter's URLs appearing in Referer headers logged by other sites a management workstation's browser visits

Network Indicators:

  • HTTP GET requests to inverter with sensitive query parameters in packet captures

SIEM Query:

http.method:GET AND (http.uri:*password* OR http.uri:*token* OR http.uri:*config*) AND destination.ip:[inverter_ip]

Replace [inverter_ip] with the management address(es) of your inverters. The unanchored wildcards will also match benign paths (for example a static /config.js), so if your SIEM extracts the query string into its own field, match on that field rather than the whole URI to cut noise.
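For environments without a SIEM, or to validate the query above before deploying it, the following added example (not vendor tooling and not part of the advisory) does the same hunt over raw log text. It extracts the method and request target from Apache/NGINX combined-format lines and from proxy lines that log an absolute URL, flags GET requests whose query parameter names look sensitive, and reports the finding with the values redacted so the report itself does not leak. The sample log lines and the list of sensitive name fragments are constructed for the example; matching on parameter names rather than the whole URI is what keeps a path like /config.js from firing.

```python
"""Added example (not part of the advisory or any vendor tooling): hunt access
and proxy logs for GET requests that carry sensitive-looking query parameters,
and report them with the values redacted so the finding itself does not leak.

Handles Apache/NGINX combined-format lines ("GET /path?q=.. HTTP/1.1") and
proxy lines that log an absolute URL without the HTTP version.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Substrings of parameter names that count as sensitive. Tune per environment;
# short fragments like "key" and "auth" will also match "keyword" or "author".
SENSITIVE_FRAGMENTS = ("pass", "pwd", "token", "secret", "key", "auth", "session", "cred")

# Method and request target, with the HTTP version optional so proxy logs match too.
REQUEST_RE = re.compile(
    r'\b(?P<method>GET|POST|PUT|HEAD|DELETE|PATCH)\s+(?P<target>\S+)(?:\s+HTTP/\d\.\d)?'
)


def sensitive_get_params(line):
    """Return a finding dict for a GET with sensitive query parameters, else None."""
    match = REQUEST_RE.search(line)
    if not match or match.group("method") != "GET":
        return None
    parts = urlsplit(match.group("target"))
    if not parts.query:
        return None
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs
            if any(frag in k.lower() for frag in SENSITIVE_FRAGMENTS)]
    if not hits:
        return None
    redacted_query = urlencode([(k, "REDACTED" if k in hits else v) for k, v in pairs])
    return {
        "params": hits,
        "path": parts.path,
        "redacted_target": parts._replace(query=redacted_query).geturl(),
    }


def scan_log(text):
    """Scan a log blob line by line; return findings with 1-based line numbers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        finding = sensitive_get_params(line)
        if finding:
            finding["line"] = lineno
            findings.append(finding)
    return findings


# Constructed sample: one benign GET, one GET leaking a password, a POST login,
# one GET leaking an API token, a path that merely contains "config", and a
# proxy-style line with an absolute URL. Addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2025:09:14:02 +0000] "GET /status?page=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Feb/2025:09:14:07 +0000] "GET /login?user=admin&password=hunter2 HTTP/1.1" 200 214 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Feb/2025:09:14:09 +0000] "POST /login HTTP/1.1" 200 214 "-" "Mozilla/5.0"
192.0.2.11 - - [12/Feb/2025:09:15:31 +0000] "GET /api/settings?api_token=abc123&mode=grid HTTP/1.1" 200 1024 "-" "curl/8.4.0"
192.0.2.11 - - [12/Feb/2025:09:15:40 +0000] "GET /config.js HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
1739351800.123 45 192.0.2.12 TCP_MISS/200 300 GET http://198.51.100.5/login?user=admin&passwd=hunter2 - HIER_DIRECT/198.51.100.5 text/html
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['params']} in {f['redacted_target']}")
```

Run against the sample, it reports lines 2, 4 and 6 and stays quiet on the benign GET, the POST and the /config.js request. Point it at a proxy log that sits between management workstations and the inverters to find exposures that already happened, and keep the redacted output rather than the raw lines when filing the finding.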

🔗 References

  • CISA ICS Advisory ICSA-25-044-17: https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17