CVE-2025-52586

low-risk

Published 2025-08-08

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.9/10 Medium

LOCAL / HIGH complexity

References (3)

https://eg4electronics.com/contact/

https://eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Fi...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal