CVE-2025-36753 HIGH

CVE-2025-36753: SWD Interface Open on Growatt ShineLan-X

Vendor Growatt
Product ShineLan-X
Weakness CWE-290
Published December 13, 2025
Last update December 16, 2025

CVSS base score

8.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device

Key dates

02Disclosure timeline

December 13, 2025 CVE published
December 16, 2025 Record updated