CVE-2025-36745

7.8 HIGH

📋 TL;DR

SolarEdge SE3680H inverters ship with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. Attackers with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or information disclosure. This affects all SolarEdge SE3680H inverters running the vulnerable kernel version.

💻 Affected Systems

Products:
  • SolarEdge SE3680H
Versions: All versions shipping with vulnerable kernel
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the embedded Linux system running on SolarEdge SE3680H inverters. The specific kernel version is not specified in the CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the inverter system leading to remote code execution, privilege escalation to root, and potential lateral movement to other network systems.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access on the device, potentially leading to data theft or system manipulation.

🟢 If Mitigated

Limited impact if device is isolated from untrusted networks and access controls are strictly enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The CVE mentions both network and local access vectors. Exploitation likely requires knowledge of specific kernel vulnerabilities present in the outdated version.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://csirt.divd.nl/CVE-2025-36745

Restart Required: Yes

Instructions:

1. Contact SolarEdge support for firmware updates.
2. Apply any available firmware updates from SolarEdge.
3. Reboot the inverter after applying updates.

🔧 Temporary Workarounds

Network Isolation

all

Isolate SolarEdge inverters from untrusted networks and the internet

Access Control

all

Implement strict network access controls and firewall rules to limit access to inverter management interfaces

🧯 If You Can't Patch

  • Segment the inverter network from critical infrastructure and user networks
  • Implement strict monitoring and alerting for unusual access patterns to inverter systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version on the SolarEdge SE3680H device. If it is running the outdated kernel (the specific version is not provided in the CVE), the device is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version has been updated to a patched version after applying firmware updates from SolarEdge.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution, privilege escalation attempts, kernel module loading

Network Indicators:

  • Unexpected connections to/from inverter management ports, unusual network traffic patterns

SIEM Query:

source="solaredge" AND (event_type="privilege_escalation" OR event_type="kernel_exploit")
