CVE-2025-7768

Critical CVSS: 9.3

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.

Vendor

Product

CWE

CWE-798

Yayın Tarihi

2025-08-06 21:15:32

Güncelleme

2025-08-07 21:26:37

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-798 CRITICAL 2025

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02