CVE-2025-15573: CWE-295 Improper Certificate Validation in SolaX Power Pocket WiFi 3.0
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
AI Analysis
Technical Summary
CVE-2025-15573 is a vulnerability identified in the SolaX Power Pocket WiFi 3.0 devices, specifically affecting versions prior to 3.022.03. The root cause is improper certificate validation (CWE-295) during the establishment of a secure MQTT connection to the SolaX Cloud MQTTS server hosted on Alibaba Cloud (mqtt001.solaxcloud.com, TCP port 8883). The devices do not verify the server's TLS certificate, which is a critical step in ensuring the authenticity of the server endpoint. This flaw enables an attacker positioned in a man-in-the-middle (MitM) role to impersonate the legitimate MQTT server by presenting a fraudulent certificate. Consequently, the attacker can issue arbitrary MQTT commands to the affected devices, potentially controlling device behavior or disrupting operations. The vulnerability requires no authentication or user interaction, and the attack vector is network-based, making exploitation feasible remotely if the attacker can intercept or redirect device traffic. The CVSS v3.1 score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) indicates a critical severity with high confidentiality and integrity impact and low attack complexity. While no known exploits have been reported in the wild, the vulnerability represents a significant risk to the security and reliability of the affected IoT devices, particularly in environments where these devices are used for critical infrastructure or energy management. The lack of patch links suggests that a fix may be forthcoming but is not yet publicly available, emphasizing the need for proactive mitigation strategies.
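To make the CWE-295 failure concrete, the following is an added Go example, not SolaX firmware and not code from this advisory. It starts a TLS listener on loopback that presents a throwaway self-signed certificate, then dials it with two client configurations: one that skips certificate verification, which is effectively what the affected firmware does, and one that trusts a pinned CA and checks the hostname. The broker name mqtt001.solaxcloud.com is taken from the advisory; the certificates, keys and the loopback "broker" are constructed for the demonstration, and nothing is sent to the real cloud endpoint.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert mints a throwaway self-signed certificate for host. In the
// demo it stands in for the legitimate broker's certificate and, minted a
// second time, for a forged certificate that an on-path party could present.
// This is constructed key material, unrelated to the real SolaX Cloud PKI.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// vulnerableClientConfig is the CWE-295 pattern: the client completes the
// handshake with whoever answers, so a forged certificate is accepted.
func vulnerableClientConfig(host string) *tls.Config {
	return &tls.Config{ServerName: host, InsecureSkipVerify: true}
}

// hardenedClientConfig trusts only the supplied CA certificate and verifies
// that the presented certificate is valid for host (the hostname check).
func hardenedClientConfig(host string, trustedCA *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	return &tls.Config{ServerName: host, RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// handshakeAgainst runs a TLS listener on loopback that presents serverCert,
// dials it with cfg, and returns the client-side handshake error (nil means
// the client accepted the certificate). The real 8883 broker is never contacted.
func handshakeAgainst(serverCert tls.Certificate, cfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		_ = c.(*tls.Conn).Handshake() // drive the server side; an error here is expected when the client rejects
		c.Close()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() {
	const host = "mqtt001.solaxcloud.com" // broker name from the advisory
	legit, legitCA, _ := selfSignedCert(host)
	forged, _, _ := selfSignedCert(host)
	fmt.Println("vulnerable client vs forged cert:", handshakeAgainst(forged, vulnerableClientConfig(host)))
	fmt.Println("hardened client vs forged cert:  ", handshakeAgainst(forged, hardenedClientConfig(host, legitCA)))
	fmt.Println("hardened client vs legit cert:   ", handshakeAgainst(legit, hardenedClientConfig(host, legitCA)))
}
```

In the hardened configuration the handshake fails before any application data (an MQTT CONNECT, for instance) is exchanged, which is exactly the property the affected devices lack. Leaving RootCAs nil would fall back to the platform trust store instead of a pinned CA; either is sound, and InsecureSkipVerify (or its equivalent in an embedded TLS stack) is the setting to look for when auditing client code for this weakness.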
Potential Impact
The impact of CVE-2025-15573 is severe for organizations using SolaX Power Pocket WiFi 3.0 devices in their infrastructure. Exploitation allows attackers to impersonate the cloud MQTT server and send arbitrary commands to devices, compromising device integrity and potentially causing unauthorized operational changes or disruptions. This can lead to loss of control over connected devices, data manipulation, and potential cascading failures in systems relying on these devices for connectivity or control, such as renewable energy installations or smart grid components. Confidentiality is also at risk since attackers can intercept and manipulate data streams. The vulnerability's network-based attack vector and lack of required authentication increase the likelihood of exploitation, especially in environments with insufficient network segmentation or monitoring. Organizations may face operational downtime, financial losses, and reputational damage if attackers leverage this vulnerability. Furthermore, the critical nature of the flaw could make these devices attractive targets for nation-state actors or cybercriminals aiming to disrupt energy infrastructure or IoT ecosystems.
Mitigation Recommendations
1. Immediate mitigation involves updating all affected SolaX Power Pocket WiFi 3.0 devices to firmware version 3.022.03 or later once the vendor releases a patch that properly validates server certificates.
2. Until patches are available, implement network-level controls such as strict firewall rules to restrict MQTT traffic to only trusted IP addresses and ports.
3. Deploy network intrusion detection/prevention systems (IDS/IPS) capable of detecting anomalous MQTT traffic or TLS interception attempts.
4. Use TLS interception detection tools to identify man-in-the-middle attacks on MQTT connections.
5. Enforce network segmentation to isolate IoT devices from general enterprise networks, limiting exposure to potential attackers.
6. Monitor device logs and MQTT traffic for unusual command patterns or connection attempts.
7. Engage with the vendor for timely updates and security advisories.
8. Consider deploying additional endpoint security solutions on devices where feasible to detect unauthorized command execution.
9. Educate network administrators and security teams about the risks of improper certificate validation and the importance of secure MQTT communications.
Affected Countries
China, United States, Germany, Australia, United Kingdom, France, Japan, South Korea, India, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2026-02-09T09:43:49.723Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 698db3acc9e1ff5ad8c09726
Added to database: 2/12/2026, 11:04:12 AM
Last enriched: 2/19/2026, 2:12:14 PM
Last updated: 3/29/2026, 6:32:03 PM
Views: 108