CVE-2025-36745

SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://csirt.divd.nl/CVE-2025-36745	Third Party Advisory
https://csirt.divd.nl/DIVD-2025-00022/	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:solaredge:se3680h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:solaredge:se3680h:-:*:*:*:*:*:*:*

History

23 Dec 2025, 17:21

Type	Values Removed	Values Added
First Time		Solaredge Solaredge se3680h Firmware Solaredge se3680h
CPE		cpe:2.3:h:solaredge:se3680h:-:::::::* cpe:2.3:o:solaredge:se3680h_firmware::::::::
References	~~() https://csirt.divd.nl/CVE-2025-36745 -~~	() https://csirt.divd.nl/CVE-2025-36745 - Third Party Advisory
References	~~() https://csirt.divd.nl/DIVD-2025-00022/ -~~	() https://csirt.divd.nl/DIVD-2025-00022/ - Broken Link
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

12 Dec 2025, 15:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-12 15:15

Updated : 2025-12-23 17:21

NVD link : CVE-2025-36745

Mitre link : CVE-2025-36745

CVE.ORG link : CVE-2025-36745

JSON object : View

Products Affected

solaredge

se3680h_firmware
se3680h

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-36745", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-12T15:15:53.170", "references": [{"url": "https://csirt.divd.nl/CVE-2025-36745", "tags": ["Third Party Advisory"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2025-00022/", "tags": ["Broken Link"], "source": "csirt@divd.nl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SolarEdge SE3680H\u00a0 ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information."}], "lastModified": "2025-12-23T17:21:13.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:solaredge:se3680h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1525CFCE-58DC-428A-B3A5-FE97E306C581", "versionEndExcluding": "4.22", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:solaredge:se3680h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF1A53FC-7C47-46A1-8A50-9FDF74A350C7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "csirt@divd.nl"}