Cyber Posture

CVE-2025-13399

High

Published: 29 January 2026

Modified: 09 March 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-13399 is a high-severity Insufficient Entropy (CWE-331) vulnerability in TP-Link VX800v firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001). The CVE ranks at the 0.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Reduce Key Space (T1600.001).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the specific encryption flaw by requiring timely remediation through vendor firmware updates that address the weak AES key.

prevent

Ensures cryptographic keys are established and managed with sufficient entropy and strength, preventing brute-force attacks on weak AES keys due to insufficient entropy.

prevent

Protects confidentiality and integrity of web interface transmissions, mitigating decryption of intercepted traffic by requiring robust cryptographic protections.

MITRE ATT&CK Enterprise Techniques [AI]

T1600.001 · Reduce Key Space · Defense Impairment
Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications.

Why these techniques?

The vulnerability stems from insufficient entropy (CWE-331) producing a weak AES key in application-layer encryption; this directly enables brute-force key recovery on intercepted traffic, matching T1600.001 Reduce Key Space.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Deeper analysis [AI]

CVE-2025-13399 is a weakness in the web interface’s application layer encryption of the TP-Link VX800v v1.0 device. Published on 2026-01-29, it enables an adjacent attacker to brute force a weak AES key and decrypt intercepted traffic. The issue is linked to CWE-331: Insufficient Entropy, with a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An adjacent attacker with network proximity can exploit this vulnerability without authentication or user interaction. Exploitation requires low complexity and results in high impacts to the confidentiality, integrity, and availability of transmitted data.

TP-Link advisories recommend mitigation through firmware updates available at https://www.tp-link.com/de/support/download/vx800v/#Firmware, along with related guidance in their FAQ at https://www.tp-link.com/us/support/faq/4930/. Security practitioners should verify and apply these updates promptly.

Details

CWE(s)

Affected Products

tp-link · vx800v firmware · ≤ 800.0.11

CVEs Like This One

CVE-2026-22698 (Shared CWE-331)
CVE-2026-3622 (Same vendor: TP-Link)
CVE-2026-22224 (Same vendor: TP-Link)
CVE-2025-62673 (Same vendor: TP-Link)
CVE-2025-6542 (Same vendor: TP-Link)
CVE-2025-15606 (Same vendor: TP-Link)
CVE-2024-54887 (Same vendor: TP-Link)
CVE-2026-0652 (Same vendor: TP-Link)
CVE-2025-58077 (Same vendor: TP-Link)
CVE-2025-59487 (Same vendor: TP-Link)
