Cyber Resilience

CVE-2025-15573

Critical

Published: 12 February 2026

Published
12 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0022 11.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-15573 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability in Sec Consult (inferred from references). Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 11.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-9 (Service Identification and Authentication) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

CVE-2025-15573 is an improper certificate validation vulnerability (CWE-295) affecting SolaX devices. These devices fail to validate the server certificate when establishing connections to the SolaX Cloud MQTTS server hosted on Alibaba Cloud at mqtt001.solaxcloud.com over TCP port 8883. The issue has a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) and was published on 2026-02-12.

Attackers who can position themselves in a man-in-the-middle role between affected devices and the MQTT server can impersonate the legitimate server. This enables them to intercept communications and issue arbitrary commands to the devices, achieving high-impact confidentiality and integrity violations along with low availability impact.

Mitigation details are available in the security advisory at https://r.sec-consult.com/solax.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and…

more

issue arbitrary commands to devices.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) directly enables positioning as Adversary-in-the-Middle to impersonate the MQTTS server, intercept traffic, and issue commands.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33810Shared CWE-295
CVE-2026-42012Shared CWE-295
CVE-2025-0500Shared CWE-295
CVE-2024-11621Shared CWE-295
CVE-2025-70043Shared CWE-295
CVE-2026-4396Shared CWE-295
CVE-2026-25160Shared CWE-295
CVE-2026-1530Shared CWE-295
CVE-2025-1193Shared CWE-295
CVE-2025-9293Shared CWE-295

Affected Assets

Sec Consult
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation of PKI certificates during connections to external servers, preventing MITM impersonation due to improper certificate validation.

prevent

Requires the system to uniquely identify and authenticate non-organizational services like the external MQTT server, blocking unauthorized server impersonation.

prevent

Protects communications session authenticity to ensure trusted establishment and prevent man-in-the-middle attacks exploiting unvalidated server certificates.

References