CVE-2025-36744

2.4 LOW

📋 TL;DR

SolarEdge SE3680H inverters leak sensitive diagnostic information during bootloader initialization cycles. This allows unauthenticated attackers to gather system information that could aid further attacks. Only SolarEdge SE3680H inverters are affected.

💻 Affected Systems

Products:
  • SolarEdge SE3680H
Versions: All versions prior to patched firmware
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability occurs during the bootloader initialization loop, while the device is waiting for boot instructions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure could reveal system details that facilitate more serious attacks like firmware manipulation or authentication bypass.

🟠 Likely Case

Attackers gather system information to fingerprint devices and plan targeted attacks.

🟢 If Mitigated

Limited to information gathering with no direct system compromise.

🌐 Internet-Facing: MEDIUM - While the vulnerability itself is low severity, exposed devices could provide reconnaissance data for attackers.
🏢 Internal Only: LOW - Requires physical or network access to the device during boot cycles.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: No
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires monitoring bootloader diagnostic output during device initialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SolarEdge firmware updates

Vendor Advisory: https://csirt.divd.nl/CVE-2025-36744

Restart Required: Yes

Instructions:

1. Contact SolarEdge support for firmware updates.
2. Apply latest firmware to affected SE3680H inverters.
3. Reboot devices after firmware update.

🔧 Temporary Workarounds

Physical Access Restriction

Restrict physical and network access to inverter serial/console ports during boot cycles.

Network Segmentation

Isolate inverters on separate network segments with strict access controls.

🧯 If You Can't Patch

  • Implement strict physical security controls around inverter installations
  • Monitor network traffic to inverter management interfaces for unusual access patterns

🔍 How to Verify

Check if Vulnerable:

Monitor bootloader diagnostic output during SE3680H initialization for information leakage.

Check Version:

Check inverter display or SolarEdge monitoring portal for firmware version

Verify Fix Applied:

Check firmware version against SolarEdge security advisory and verify no sensitive information appears in bootloader output.

📡 Detection & Monitoring

Log Indicators:

  • Repeated boot cycles
  • Unauthenticated access to diagnostic interfaces

Network Indicators:

  • Unexpected connections to inverter management ports during boot

SIEM Query:

Search for repeated connection attempts to inverter IPs on management ports
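One way to run that search over exported connection logs, as an added example that is not part of the advisory or of any SolarEdge tooling. The inverter addresses, management port list, log line format, time window and threshold are all assumptions to replace with your site's values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions, not taken from the advisory: replace with your own inventory.
INVERTER_IPS = {"192.0.2.10", "192.0.2.11"}   # constructed addresses (TEST-NET-1)
MGMT_PORTS = {80, 8080}                       # placeholder management ports
WINDOW = timedelta(minutes=5)
THRESHOLD = 3                                 # attempts per source and inverter

# Constructed sample lines: "<ISO time> <src> <dst> <dport> <action>"
SAMPLE_LOG = """\
2025-01-10T08:00:00 192.0.2.50 192.0.2.11 80 ALLOW
2025-01-10T08:00:05 198.51.100.7 192.0.2.10 8080 DENY
2025-01-10T08:01:10 198.51.100.7 192.0.2.10 8080 DENY
2025-01-10T08:01:30 198.51.100.7 192.0.2.10 22 DENY
2025-01-10T08:02:30 198.51.100.7 192.0.2.10 8080 ALLOW
not a log line
2025-01-10T08:03:00 198.51.100.7 192.0.2.10 8080 ALLOW
2025-01-10T08:04:00 198.51.100.9 192.0.2.99 8080 DENY
2025-01-10T08:10:00 192.0.2.50 192.0.2.11 80 ALLOW
2025-01-10T08:20:00 192.0.2.50 192.0.2.11 80 ALLOW
"""

def parse(line):
    """Return (time, src, dst, dport), or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def repeated_attempts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map (src, inverter) to the peak number of management-port connections
    seen inside one sliding window, for pairs that reach the threshold."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still in the window
    alerts = {}
    for ts, src, dst, dport in sorted(e for e in map(parse, lines) if e):
        if dst not in INVERTER_IPS or dport not in MGMT_PORTS:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(src, dst)] = max(len(q), alerts.get((src, dst), 0))
    return alerts

if __name__ == "__main__":
    for (src, dst), count in repeated_attempts(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}: {count} management-port connections within {WINDOW}")
```

Correlating alert times with inverter reboot events ties this to the "Repeated boot cycles" log indicator listed above.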
