PT-2025-32228 · Tigo Energy · Tigo Energy Cca

Anthony Rose

Published

2025-08-05

Updated

2025-08-06

CVE-2025-7770

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tigo Energy CCA device (affected versions not specified)

Description The Tigo Energy CCA device is susceptible to insecure session ID generation within its remote API. Session IDs are created using a predictable method based on the current timestamp, potentially allowing attackers to recreate valid session IDs. This, combined with the ability to bypass session ID requirements for specific commands, could grant unauthorized access to sensitive device functions on connected solar optimization systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-337

Related Identifiers

BDU:2025-09578

CVE-2025-7770

Affected Products

Tigo Energy Cca

PT-2025-32228 · Tigo Energy · Tigo Energy Cca

CVE-2025-7770

Weakness Enumeration

Related Identifiers

Affected Products

References · 7