CVE-2025-36745 identifies a critical security vulnerability in the SolarEdge SE3680H inverter, specifically version 4.0, which incorporates an outdated Linux kernel containing multiple unpatched vulnerabilities in core subsystems. These kernel flaws fall under CWE-1104, indicating the use of unmaintained third-party components that expose the device to significant security risks. The vulnerability allows an attacker with either network or local access to the device to exploit these kernel-level issues to achieve remote code execution, privilege escalation, or unauthorized disclosure of sensitive information. Notably, the vulnerability does not require authentication or user interaction, increasing its risk profile. The CVSS 4.0 vector (AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/V:D) highlights that the attack vector is primarily via network or local access with low complexity and no privileges or user interaction needed. The impact on confidentiality, integrity, and availability is high, with partial scope impact. Although no public exploits are currently known, the presence of unpatched kernel vulnerabilities in a critical infrastructure device like a solar inverter poses a substantial threat. The SolarEdge SE3680H is widely deployed in solar energy installations, making this vulnerability a concern for energy infrastructure security. The lack of available patches at the time of publication necessitates immediate attention from both the vendor and users to mitigate risk.

The vulnerability poses a significant threat to European organizations utilizing SolarEdge SE3680H inverters, particularly those in the renewable energy sector. Successful exploitation could lead to remote code execution, allowing attackers to take control of the inverter, disrupt energy production, or manipulate device operations. Privilege escalation could enable attackers to gain administrative control, potentially leading to persistent access or further lateral movement within the network. Disclosure of sensitive information could expose operational data or credentials, increasing the risk of subsequent attacks. Disruption or manipulation of solar inverters can impact energy availability and grid stability, which is critical in countries with high solar energy penetration. Additionally, compromised devices could be leveraged as entry points for broader attacks on industrial control systems or critical infrastructure. The lack of authentication requirements and ease of exploitation elevate the risk of widespread impact. European energy providers and organizations relying on SolarEdge technology must consider these risks in their operational security and incident response planning.

1. Immediate coordination with SolarEdge to obtain and apply firmware updates or patches addressing the kernel vulnerabilities once available. 2. Implement network segmentation to isolate SE3680H devices from general enterprise networks, limiting exposure to potential attackers. 3. Restrict network access to the inverters by enforcing strict firewall rules and access control lists, allowing only trusted management systems to communicate with the devices. 4. Deploy continuous monitoring and anomaly detection solutions focused on network traffic and device behavior to identify potential exploitation attempts early. 5. Conduct regular security audits and vulnerability assessments on the inverter infrastructure to identify and remediate weaknesses. 6. Where possible, disable unused services and interfaces on the SE3680H to reduce the attack surface. 7. Establish incident response procedures specific to solar inverter compromise scenarios to ensure rapid containment and recovery. 8. Educate operational technology (OT) and IT teams on the risks associated with unpatched third-party components and the importance of timely patch management in OT environments.