CVE-2025-7768

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02

Configurations

No configuration.

History

07 Aug 2025, 21:26

Type	Values Removed	Values Added
Summary		(es) El dispositivo Tigo Energy's Cloud Connect Advanced (CCA) contiene credenciales codificadas que permiten a usuarios no autorizados obtener acceso administrativo. Esta vulnerabilidad permite a los atacantes escalar privilegios y tomar el control total del dispositivo, lo que podría modificar la configuración del sistema, interrumpir la producción de energía solar e interferir con los mecanismos de seguridad.

06 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-06 21:15

Updated : 2025-08-07 21:26

NVD link : CVE-2025-7768

Mitre link : CVE-2025-7768

CVE.ORG link : CVE-2025-7768

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-7768", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-06T21:15:32.460", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms."}, {"lang": "es", "value": "El dispositivo Tigo Energy's Cloud Connect Advanced (CCA) contiene credenciales codificadas que permiten a usuarios no autorizados obtener acceso administrativo. Esta vulnerabilidad permite a los atacantes escalar privilegios y tomar el control total del dispositivo, lo que podr\u00eda modificar la configuraci\u00f3n del sistema, interrumpir la producci\u00f3n de energ\u00eda solar e interferir con los mecanismos de seguridad."}], "lastModified": "2025-08-07T21:26:37.453", "sourceIdentifier": "ics-cert@hq.dhs.gov"}