{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36745","assignerOrgId":"b87402ff-ae37-4194-9dae-31abdbd6f217","state":"PUBLISHED","assignerShortName":"DIVD","dateReserved":"2025-04-15T21:54:36.813Z","datePublished":"2025-12-12T15:05:38.582Z","dateUpdated":"2025-12-12T19:33:31.099Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b87402ff-ae37-4194-9dae-31abdbd6f217","shortName":"DIVD","dateUpdated":"2025-12-12T15:05:38.582Z"},"title":"SolarEdge SE3680H contains Linux Kernel vulnerabilities","problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-1104 — Use of Unmaintained Third Party Components"}]}],"impacts":[{"capecId":"CAPEC-549","descriptions":[{"lang":"en","value":"CAPEC-549 Local Execution of Code"}]},{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"affected":[{"vendor":"SolarEdge","product":"SE3680H","versions":[{"status":"affected","version":"4.0","lessThan":"4.22","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"SolarEdge SE3680H  ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.","supportingMedia":[{"type":"text/html","base64":false,"value":"SolarEdge SE3680H&nbsp; ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information.<div><div></div><div><div></div></div></div><div></div><br>"}]}],"references":[{"url":"https://csirt.divd.nl/CVE-2025-36745","tags":["third-party-advisory"]},{"url":"https://csirt.divd.nl/DIVD-2025-00022/","tags":["third-party-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"LOW","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","baseSeverity":"HIGH","baseScore":8.6,"vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D"}}],"credits":[{"lang":"en","value":"Alexandros Tokatlis (ENCS)","type":"finder"},{"lang":"en","value":"Victor Pasman (DIVD)","type":"analyst"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-12T19:33:07.241801Z","id":"CVE-2025-36745","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-12T19:33:31.099Z"}}]}}