ICSA-25-217-02 · Published 2025-08-19
Tigo Energy Cloud Connect Advanced (Update A)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges to take full control of the device, modify system settings, disrupt solar energy production, and interfere with safety mechanisms. Attackers could also execute arbitrary commands via command injection, cause service disruptions, and expose sensitive data. Because session IDs are generated insecurely, attackers could recreate valid session IDs to access sensitive device functions on connected solar inverter systems.
CVEs (3)
Remediations
- Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.
- Visit Tigo Energy's Help Center for more specific security recommendations.
Affected Vendors
Tigo Energy
Affected Products (1)
Tigo Energy · Cloud Connect Advanced <=4.0.1
Affected Sectors
Energy