Home / Vulnerability Intelligence / CVE-2025-15573

CVE-2025-15573 - Vulnerability Analysis

CriticalCVSS: 9.4

Last Updated: February 12, 2026

SolaX - Man-in-the-Middle

Published: February 12, 2026Updated: February 12, 2026Remote Exploitable

Overview

SolaX devices contain a man-in-the-middle vulnerability caused by lack of server certificate validation when connecting to the SolaX Cloud MQTTS server, letting attackers issue arbitrary commands, exploit requires network position to intercept traffic.

Severity & Score

Severity: Critical

CVSS Score: 9.4

EPSS Score: 2.0%(Probability of exploitation in next 30 days)

Impact

Attackers can intercept and manipulate device commands, potentially controlling devices remotely and causing unauthorized actions.

Mitigation

Update to a version that validates server certificates or apply patches to enforce certificate validation.

References

https://r.sec-consult.com/solax

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 12, 2026

🔴 CVE-2025-15573 - Critical (9.4) The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitim... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15573/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-15573
Severity: Critical
CVSS Score: 9.4
Type: man_in_the_middle
Status: unconfirmed
EPSS: 2.0%
Social Posts: 1

CWE

CWE-295

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Score

2.0%Probability of exploitation in the next 30 days