CVE-2025-7768

Summary

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.

Affected Software

VendorProductVersion RangeStatus
Tigo EnergyCloud Connect Advanced0 <= 4.0.1affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.

Visit Tigo Energy's Help Center https://support.tigoenergy.com/hc/en-us  for more specific security recommendations.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References