CVE-2025-15573

Critical

Published: 12 February 2026

Published

12 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Score 0.0001 1.9th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15573 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability in Sec Consult (inferred from references). Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 1.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-9 (Service Identification and Authentication) and SC-17 (Public Key Infrastructure Certificates).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-17 Public Key Infrastructure Certificates good match

prevent

Directly mandates validation of PKI certificates during connections to external servers, preventing MITM impersonation due to improper certificate validation.

IA-9 Service Identification and Authentication good match

prevent

Requires the system to uniquely identify and authenticate non-organizational services like the external MQTT server, blocking unauthorized server impersonation.

SC-23 Session Authenticity good match

prevent

Protects communications session authenticity to ensure trusted establishment and prevent man-in-the-middle attacks exploiting unvalidated server certificates.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Improper certificate validation (CWE-295) directly enables positioning as Adversary-in-the-Middle to impersonate the MQTTS server, intercept traffic, and issue commands.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and…

issue arbitrary commands to devices.

Deeper analysisAI

CVE-2025-15573 is an improper certificate validation vulnerability (CWE-295) affecting SolaX devices. These devices fail to validate the server certificate when establishing connections to the SolaX Cloud MQTTS server hosted on Alibaba Cloud at mqtt001.solaxcloud.com over TCP port 8883. The issue has a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) and was published on 2026-02-12.

Attackers who can position themselves in a man-in-the-middle role between affected devices and the MQTT server can impersonate the legitimate server. This enables them to intercept communications and issue arbitrary commands to the devices, achieving high-impact confidentiality and integrity violations along with low availability impact.

Mitigation details are available in the security advisory at https://r.sec-consult.com/solax.