CVE-2025-7769
published 2025-08-06

CVE-2025-7769: Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing…

Priority P2 · 77 · high · 8.7 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 16.24% (96.5th percentile)
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
| tigo_energy | cloud_connect_advanced | <= 4.0.1 | |

Detection & IOCs (extracted from sources)

path: /cgi-bin/mobile_api
command: {"cmd": "DEVICE_PING;id","dev": 2,"ver": 1 }
  • Monitor for POST requests to /cgi-bin/mobile_api containing semicolons or shell metacharacters in the 'cmd' field, particularly with the DEVICE_PING command value, indicating command injection attempts.
  • Public exploit code (Exploit-DB 52404) targets Tigo Energy CCA version 4.0.1 and prior; alert on exploitation attempts against devices running these versions.
  • The exploit uses Content-Type: application/json with a JSON body; correlate this with the specific User-Agent string 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0)' for exploit-tool fingerprinting.
  • The vulnerability is exploitable with default/hard-coded credentials (CVE-2025-7768 companion vulnerability); exploitation of CVE-2025-7769 in practice leverages these default credentials, so credential hardening is a prerequisite mitigation.
  • No vendor patch is available as of the advisory date; Tigo Energy is actively working on a fix. Affected versions are 4.0.1 and prior.
  • Public exploit code is confirmed available for CVE-2025-7769, raising the urgency of network-level mitigations such as isolating the device from internet exposure.