Unknown · Soliscloud Api · CVE-2025-13932
**Name of the Vulnerable Software and Affected Versions**
SolisCloud API (affected versions not specified)
**Description**
The SolisCloud API has a Broken Access Control issue, specifically an Insecure Direct Object Reference (IDOR). An authenticated user can access detailed data for any plant by modifying the `plant id` in a request. The API endpoint is vulnerable to unauthorized access due to improper access control mechanisms.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.