Key information

Vulnerability identifier
CVE: CVE-2025-36758

Vulnerability title
Title: Bypass of brute-force protection in Solax Cloud

Affected product
Product: Solax Power Solax Cloud
- Affected: before 27-06-2025
- Unaffected: everything else

CVSS score
Base Score: 6.1 - MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: PRESENT
Privileges Required: NONE
Confidentiality Impact: LOW (Vulnerable system), Subsequent systems: NONE
Integrity Impact: LOW (Vulnerable system), Subsequent systems: NONE
Availability Impact: NONE (Vulnerable system), Subsequent systems: NONE

Reference links
https://csirt.divd.nl/CVE-2025-36758 (third-party-advisory)
https://csirt.divd.nl/DIVD-2025-00015 (third-party-advisory)

Problem type
CWE-307 Improper Restriction of Excessive Authentication Attempts

Description
It is possible to bypass the clipping level of authentication attempts in Solax Cloud through the use of the 'Forgot Password' functionality as an oracle.