{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36745", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2025-04-15T21:54:36.813Z", "datePublished": "2025-12-12T15:05:38.582Z", "dateUpdated": "2025-12-12T19:33:31.099Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-12-12T15:05:38.582Z"}, "title": "SolarEdge SE3680H contains Linux Kernel vulnerabilities", "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1104 \u2014 Use of Unmaintained Third Party Components"}]}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}, {"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "SolarEdge", "product": "SE3680H", "versions": [{"status": "affected", "version": "4.0", "lessThan": "4.22", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SolarEdge SE3680H\u00a0 ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SolarEdge SE3680H&nbsp; ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.<div><div></div><div><div></div></div></div><div></div><br>"}]}], "references": [{"url": "https://csirt.divd.nl/CVE-2025-36745", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2025-00022/", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "NEGLIGIBLE", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D"}}], "credits": [{"lang": "en", "value": "Alexandros Tokatlis (ENCS)", "type": "finder"}, {"lang": "en", "value": "Victor Pasman (DIVD)", "type": "analyst"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-12T19:33:07.241801Z", "id": "CVE-2025-36745", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T19:33:31.099Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-12T19:33:07.241801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T19:33:26.645Z"}}], "cna": {"title": "SolarEdge SE3680H contains Linux Kernel vulnerabilities", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Alexandros Tokatlis (ENCS)"}, {"lang": "en", "type": "analyst", "value": "Victor Pasman (DIVD)"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}, {"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarEdge", "product": "SE3680H", "versions": [{"status": "affected", "version": "4.0", "lessThan": "4.22", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://csirt.divd.nl/CVE-2025-36745", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2025-00022/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SolarEdge SE3680H\u00a0 ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.", "supportingMedia": [{"type": "text/html", "value": "SolarEdge SE3680H&nbsp; ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.<div><div></div><div><div></div></div></div><div></div><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1104 \u2014 Use of Unmaintained Third Party Components"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-12-12T15:05:38.582Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36745", "state": "PUBLISHED", "dateUpdated": "2025-12-12T19:33:31.099Z", "dateReserved": "2025-04-15T21:54:36.813Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2025-12-12T15:05:38.582Z", "assignerShortName": "DIVD"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:solaredge:se3680h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1525CFCE-58DC-428A-B3A5-FE97E306C581", "versionEndExcluding": "4.22", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:solaredge:se3680h:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF1A53FC-7C47-46A1-8A50-9FDF74A350C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarEdge SE3680H\u00a0 ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information."}], "id": "CVE-2025-36745", "lastModified": "2025-12-23T17:21:13.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:D/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "csirt@divd.nl", "type": "Secondary"}]}, "published": "2025-12-12T15:15:53.170", "references": [{"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2025-36745"}, {"source": "csirt@divd.nl", "tags": ["Broken Link"], "url": "https://csirt.divd.nl/DIVD-2025-00022/"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}