CVE-2025-15573 — CRITICAL (9.4)

Vulnerability Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

CVSS Score

9.4

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-295

References

https://r.sec-consult.com/solax

FAQ

What is CVE-2025-15573?

CVE-2025-15573 is a vulnerability with a CVSS score of 9.4 (CRITICAL). The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a m...

How severe is CVE-2025-15573?

CVE-2025-15573 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-15573?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.