CVE-2025-7768

🗓️ 06 Aug 2025 20:28:43Reported by icscertType

Tigo Energy Cloud Connect Advanced has hard-coded credentials leading to unauthorized administrative access.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the monitoring and control device for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from the use of strictly encrypted account data. This allows attackers to circumvent security restrictions, gain increased privileges, and obtain full control over the device.	11 Aug 202500:00	–	bdu_fstec
Circl	CVE-2025-7768	5 Aug 202510:00	–	circl
CNNVD	Tigo Energy Cloud Connect Advanced 信任管理问题漏洞	6 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-7768 Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced	6 Aug 202520:28	–	cvelist
EUVD	EUVD-2025-23883	3 Oct 202520:07	–	euvd
NVD	CVE-2025-7768	6 Aug 202521:15	–	nvd
Positive Technologies	PT-2025-32226 · Tigo Energy · Cloud Connect Advanced	5 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-7768	8 Aug 202520:32	–	redhatcve
Vulnrichment	CVE-2025-7768 Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced	6 Aug 202520:28	–	vulnrichment

Vulners

Node

tigo_energy cloud_connect_advancedRange≤4.0.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Connect Advanced",
    "vendor": "Tigo Energy",
    "versions": [
      {
        "lessThanOrEqual": "4.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-217-02

17 Jun 2026 10:05Current

7.1High risk

Vulners AI Score7.1

CVSS 49.3

EPSS0.00511

SSVC

CWE-798