CVE-2025-15573 · CRITICAL 9.4 · EPSS p11.9%

Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Scoring

CVSS 3.1: 9.4 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.22% probability of exploitation · percentile 11.9% · 2026-06-19T12:03:05Z
Published: 2026-02-12
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-295

References

  1. https://r.sec-consult.com/solax

Type: Weakness · Target: Improper Certificate Validation (cwe-295) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-0680
CVE: CVE-2026-49198
CVE: CVE-2026-49186
CVE: CVE-2025-3090
CVE: CVE-2025-41684
CVE: CVE-2025-41709

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.