exploitDog

CVE-2025-13932

Опубликовано: 04 дек. 2025

Источник: nvd

EPSS Низкий

Описание

The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-06

EPSS

Процентиль: 16%

0.0005

Низкий

Дефекты

CWE-639

Связанные уязвимости

GHSA-rj4p-qc9g-j2p3

github

2 месяца назад

The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.

EPSS

Процентиль: 16%

0.0005

Низкий

Дефекты

CWE-639