{"api_version":"1","generated_at":"2026-06-19T11:54:19+00:00","cve":"CVE-2025-36745","urls":{"html":"https://cve.report/CVE-2025-36745","api":"https://cve.report/api/cve/CVE-2025-36745.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-36745","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-36745"},"summary":{"title":"SolarEdge SE3680H contains Linux Kernel vulnerabilities","description":"SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.","state":"PUBLISHED","assigner":"DIVD","published_at":"2025-12-12 15:15:53","updated_at":"2026-04-29 01:00:01"},"problem_types":["NVD-CWE-noinfo","CWE-1104 — Use of Unmaintained Third Party Components"],"metrics":[{"version":"4.0","source":"csirt@divd.nl","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X","baseScore":7,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"8.6","severity":"HIGH","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"PHYSICAL","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://csirt.divd.nl/CVE-2025-36745","name":"https://csirt.divd.nl/CVE-2025-36745","refsource":"csirt@divd.nl","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://csirt.divd.nl/DIVD-2025-00022/","name":"https://csirt.divd.nl/DIVD-2025-00022/","refsource":"csirt@divd.nl","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-36745","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-36745","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"SolarEdge","product":"SE3680H","version":"affected 4.0 4.22 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Alexandros Tokatlis (ENCS)","lang":"en"},{"source":"CNA","value":"Victor Pasman (DIVD)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"36745","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"solaredge","cpe5":"se3680h","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"36745","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"solaredge","cpe5":"se3680h_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-36745","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-12-12T19:33:07.241801Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-12-12T19:33:31.099Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"SE3680H","vendor":"SolarEdge","versions":[{"lessThan":"4.22","status":"affected","version":"4.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Alexandros Tokatlis (ENCS)"},{"lang":"en","type":"analyst","value":"Victor Pasman (DIVD)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SolarEdge SE3680H&nbsp; ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.<div><div></div><div><div></div></div></div><div></div><br>"}],"value":"SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information."}],"impacts":[{"capecId":"CAPEC-549","descriptions":[{"lang":"en","value":"CAPEC-549 Local Execution of Code"}]},{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"PHYSICAL","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-1104 — Use of Unmaintained Third Party Components","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2025-12-12T15:05:38.582Z","orgId":"b87402ff-ae37-4194-9dae-31abdbd6f217","shortName":"DIVD"},"references":[{"tags":["third-party-advisory"],"url":"https://csirt.divd.nl/CVE-2025-36745"},{"tags":["third-party-advisory"],"url":"https://csirt.divd.nl/DIVD-2025-00022/"}],"source":{"discovery":"EXTERNAL"},"title":"SolarEdge SE3680H contains Linux Kernel vulnerabilities","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"b87402ff-ae37-4194-9dae-31abdbd6f217","assignerShortName":"DIVD","cveId":"CVE-2025-36745","datePublished":"2025-12-12T15:05:38.582Z","dateReserved":"2025-04-15T21:54:36.813Z","dateUpdated":"2025-12-12T19:33:31.099Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-12-12 15:15:53","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["NVD-CWE-noinfo","CWE-1104 — Use of Unmaintained Third Party Components"],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X","baseScore":7,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:solaredge:se3680h_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.22","matchCriteriaId":"1525CFCE-58DC-428A-B3A5-FE97E306C581"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:solaredge:se3680h:-:*:*:*:*:*:*:*","matchCriteriaId":"CF1A53FC-7C47-46A1-8A50-9FDF74A350C7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"36745","Ordinal":"1","Title":"SolarEdge SE3680H contains Linux Kernel vulnerabilities","CVE":"CVE-2025-36745","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"36745","Ordinal":"1","NoteData":"SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.","Type":"Description","Title":"SolarEdge SE3680H contains Linux Kernel vulnerabilities"}]}}}