CVE-2025-36754 | Growatt ShineLan-X up to 3.6.0.2 Web Interface authentication spoofing

December 13, 2025 Yanac

A vulnerability has been found in Growatt ShineLan-X up to 3.6.0.2 and classified as critical. This impacts an unknown function of the component Web Interface. This manipulation causes authentication bypass by spoofing.

This vulnerability is tracked as CVE-2025-36754. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-9116 | WPS Visitor Counter Plugin up to 1.4.8 on WordPress $_SERVER[‘REQUEST_URI’] cross site scripting
CVE-2025-36751 | Growatt ShineLan-X up to 3.6.0.2 Configuration Interface missing encryption