Security Advisory

CVE-2025-13932

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-04 21:17:03
Last updated 2025-12-05 16:32:02
Assigner icscert
State PUBLISHED

Description

The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.