CVE-2025-7768
Published 2025-08-06
Priority P359 · critical · CVSS 4.0 score 9.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics all X, not defined)
EPSS: 0.51% (39.7th percentile)
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tigo_energy | cloud_connect_advanced | <= 4.0.1 | — |
GHSA
GHSA-9mwr-2fgp-xxq7: Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access
ghsa_unreviewed·2025-08-06
CVE-2025-7768 [CRITICAL] CWE-798 GHSA-9mwr-2fgp-xxq7: Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access
CISA ICS
Tigo Energy Cloud Connect Advanced (Update A)
cisa_ics·2025-08-19·CVSS 9.3
[CRITICAL] Tigo Energy Cloud Connect Advanced (Update A)
ICS Advisory
## Tigo Energy Cloud Connect Advanced (Update A)
Last Revised: August 19, 2025
Alert Code: ICSA-25-217-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Tigo Energy
- Equipment: Cloud Connect Advanced
- Vulnerabilities: Use of Hard-coded Credentials, Command Injection, Predictable Seed in Pseudo-Random Number Generator (PRNG).
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges to take full control of the device, modify system settin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-06