Cyber Resilience

CVE-2025-15557

High

Published: 05 February 2026

Published
05 February 2026
Modified
12 February 2026
KEV Added
Patch
CVSS Score v4 7.5 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0018 8.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-15557 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Tp-Link Tapo H100 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-15557 is an Improper Certificate Validation vulnerability (CWE-295) affecting TP-Link Tapo H100 version 1 and Tapo P100 version 1 smart home devices. The flaw enables an on-path attacker on the same network segment to intercept and modify encrypted communications between the devices and TP-Link's cloud services. Published on 2026-02-05 with a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it undermines the security of device-to-cloud interactions.

An attacker with network adjacency, such as someone on the same local network segment, can exploit this vulnerability without authentication or user interaction. Successful exploitation allows interception and alteration of encrypted traffic, compromising the confidentiality and integrity of device data and commands. This could enable attackers to manipulate device operations, such as falsifying sensor readings or issuing unauthorized controls.

TP-Link provides firmware downloads and support resources for mitigation on their official websites, including pages for Tapo H100 and Tapo P100 at regional support portals (e.g., tp-link.com/en/support/download/tapo-h100/, tp-link.com/us/support/download/tapo-p100/) and an FAQ at tp-link.com/us/support/faq/4949/. Security practitioners should verify and apply the latest firmware updates to affected devices to address the improper certificate validation issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,…

more

enabling manipulation of device data or operations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) directly enables on-path interception/modification of device-cloud TLS traffic, mapping to Adversary-in-the-Middle.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-9293Same vendor: Tp-Link
CVE-2025-62501Same vendor: Tp-Link
CVE-2026-33810Shared CWE-295
CVE-2026-42012Shared CWE-295
CVE-2025-0500Shared CWE-295
CVE-2024-11621Shared CWE-295
CVE-2025-70043Shared CWE-295
CVE-2026-4396Shared CWE-295
CVE-2026-25160Shared CWE-295
CVE-2026-1530Shared CWE-295

Affected Assets

tp-link
tapo h100 firmware
≤ 1.6.1
tp-link
tapo p100 firmware
≤ 1.2.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-17 directly mandates proper management and validation of PKI certificates, addressing the core improper certificate validation flaw in device-cloud communications.

prevent

SI-2 requires timely flaw remediation through firmware updates, as recommended by TP-Link to fix this specific certificate validation vulnerability.

prevent

SC-8 enforces cryptographic protection for transmission confidentiality and integrity, mitigating interception and modification enabled by improper certificate validation.

References