CVE-2025-15573: CWE-295 Improper Certificate Validation in SolaX Power Pocket WiFi 3.0
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
AI Analysis
Technical Summary
CVE-2025-15573 is an improper certificate validation flaw (CWE-295) in the SolaX Pocket WiFi 3.0, the Wi-Fi dongle through which SolaX inverters reach the vendor cloud. When the dongle opens its MQTT-over-TLS session to the SolaX Cloud broker hosted on Alibaba Cloud (mqtt001.solaxcloud.com, TCP port 8883), it does not check the certificate the server presents, so a self-signed or otherwise untrusted certificate is accepted. TLS then encrypts the session but no longer authenticates the peer. An attacker able to sit between the dongle and the broker, for example by poisoning the dongle's DNS answer for the broker hostname, spoofing ARP or DHCP on the Wi-Fi or LAN segment it uses, or controlling an upstream hop, can terminate the TLS session with a certificate of their own, speak MQTT to the device as the legitimate broker, and publish arbitrary commands to it; whatever the device sends inside that session, including any credentials in its MQTT CONNECT, is readable by the impostor. No authentication or user interaction is needed beyond that network position, and every affected unit behaves the same way regardless of how it is deployed. The record lists the affected range as firmware versions prior to 3.022.03; no CVSS score is recorded (CVSS version is null), no vendor patch or advisory is linked on this page, and no exploitation in the wild has been reported. The flaw compromises the confidentiality and integrity of device-cloud traffic, and availability where injected commands disrupt the device. The CVE was reserved on 2026-02-09 by SEC-VLab and published on February 12, 2026.
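The check a practitioner wants before trusting any client's TLS is the one the summary above implies: present the device with a certificate it has no reason to trust and see whether it still talks MQTT. The script below is an added example, not code from the advisory, from SEC-VLab or from SolaX. It runs a TLS listener with whatever certificate and key you pass on the command line (generate a self-signed pair for the broker name with openssl), and reports whether the connecting client refused the certificate or completed the handshake and sent an MQTT CONNECT. The MQTT 3.1.1 framing helpers are included so the CONNECT can be decoded and the same code can be unit-tested offline; pointing the device's lookup of the broker hostname at the listener is a lab step outside the script and is assumed here.

```python
"""Lab check for CWE-295 in an MQTT-over-TLS client (added example, not vendor code).

Present a certificate the client has no reason to trust. A validating client aborts
the handshake (the listener sees a TLS alert or reset); a client with the flaw completes
it and sends MQTT CONNECT, decoded here to show what the device handed to an impostor.
Assumptions: MQTT 3.1.1 framing, cert/key paths on the command line, and a lab network
where the device's lookup of the broker hostname already points at this host.
"""
import socket
import ssl
import struct

CONNECT = 1  # MQTT control packet type, high nibble of the first byte

def encode_remaining_length(n):
    """MQTT variable-length integer: 7 data bits per byte, high bit means continue."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def decode_remaining_length(buf, offset):
    """Inverse of encode_remaining_length; returns (value, offset_after)."""
    value, multiplier = 0, 1
    for i in range(4):
        byte = buf[offset + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset + i + 1
        multiplier *= 128
    raise ValueError("malformed remaining length")

def _lp(data):
    """Length-prefixed field: 2-byte big-endian length followed by the bytes."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    return struct.pack(">H", len(data)) + data

def build_connect(client_id, username=None, password=None, keep_alive=60):
    """Minimal MQTT 3.1.1 CONNECT, the first packet any client sends."""
    flags = 0x02  # clean session
    payload = _lp(client_id)
    if username is not None:
        flags |= 0x80
        payload += _lp(username)
    if password is not None:
        flags |= 0x40
        payload += _lp(password)
    body = _lp("MQTT") + bytes([4, flags]) + struct.pack(">H", keep_alive) + payload
    return bytes([CONNECT << 4]) + encode_remaining_length(len(body)) + body

def parse_connect(packet):
    """Decode a CONNECT packet into its identifying fields; ValueError otherwise."""
    if not packet or packet[0] >> 4 != CONNECT:
        raise ValueError("not a CONNECT packet")
    length, pos = decode_remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated CONNECT")

    def take(p):  # one length-prefixed field starting at offset p
        (n,) = struct.unpack_from(">H", body, p)
        return body[p + 2:p + 2 + n], p + 2 + n

    proto, p = take(0)
    level, flags = body[p], body[p + 1]
    (keep_alive,) = struct.unpack_from(">H", body, p + 2)
    client_id, p = take(p + 4)
    if flags & 0x04:  # will flag: skip will topic and will message
        _, p = take(p)
        _, p = take(p)
    username = password = None
    if flags & 0x80:
        raw, p = take(p)
        username = raw.decode("utf-8")
    if flags & 0x40:
        password, p = take(p)  # binary per spec, left as bytes
    return {"protocol": proto.decode("utf-8"), "level": level, "keep_alive": keep_alive,
            "client_id": client_id.decode("utf-8"), "username": username, "password": password}

def run_untrusted_listener(certfile, keyfile, port=8883, timeout=60):
    """Accept one client with the untrusted cert; report whether it validated it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    with socket.create_server(("0.0.0.0", port)) as srv:
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            try:
                tls = ctx.wrap_socket(conn, server_side=True)
            except (ssl.SSLError, OSError) as exc:  # client refused our certificate
                return {"peer": peer, "validated": True, "detail": str(exc)}
            with tls:  # handshake completed against an untrusted cert: CWE-295
                first = tls.recv(4096)
                detail = parse_connect(first) if first[:1] == b"\x10" else first.hex()
                return {"peer": peer, "validated": False, "detail": detail}

if __name__ == "__main__":
    import sys
    print(run_untrusted_listener(sys.argv[1], sys.argv[2]))
```

Create the throwaway certificate with `openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj /CN=mqtt001.solaxcloud.com -keyout key.pem -out cert.pem`, run the script with those two paths (binding port 8883 needs root or CAP_NET_BIND_SERVICE), and confirm the harness itself is sound by first pointing a known-good client at it, for example `mosquitto_sub --cafile` with a real CA bundle, which must produce `"validated": True`. A matching CN is deliberate: a correct client still rejects the certificate because the issuer is unknown, so a `"validated": False` result with a decoded CONNECT is the CWE-295 behaviour, not a hostname mismatch.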
Potential Impact
The Pocket WiFi 3.0 is the channel between a SolaX inverter installation and the vendor cloud, so an attacker who can impersonate the broker owns that channel: any command the device accepts over MQTT can be issued at will, telemetry can be read or falsified, and the device can be disconnected or kept busy. For European operators of residential and commercial PV systems, energy-sector integrators and building operators with these dongles installed, that means a loss of integrity and availability of monitoring and remote management, and exposure of whatever the dongle transmits in the session. The attack requires a position between dongle and cloud rather than reachability from the Internet, so the realistic threat sits on the local Wi-Fi or LAN segment (a hostile device on a weakly secured Wi-Fi network, a compromised router) or at an upstream provider; within that position the transport encryption gives no protection, because the fault is in the device's own TLS client. Two further advisories for the same device are published alongside this one, CVE-2025-15575 (download of code without integrity check) and CVE-2025-15574 (insufficiently random values), and a broker impersonation should be assessed together with them rather than in isolation.
Mitigation Recommendations
Until firmware that validates the broker certificate is available, the defence is to deny attackers the network position the flaw requires and to watch for its use:
- Put the dongle on its own SSID or VLAN with WPA2/WPA3 and a unique passphrase, enable client isolation, and allow egress only to the SolaX cloud on TCP 8883 plus whatever the device needs for DNS, NTP and updates. A segment that only the dongle and the gateway can reach removes ARP, DHCP and DNS spoofing by other hosts.
- Serve the dongle DNS from a resolver you control and block it from reaching any other; a poisoned answer for mqtt001.solaxcloud.com is the simplest way to take the broker's place.
- Log outbound TLS sessions from the dongle (Zeek ssl.log, firewall connection logs) and alert when a session on 8883 goes to an address outside the recorded baseline for mqtt001.solaxcloud.com or, where the certificate is visible to the sensor (TLS 1.2), when the issuer or fingerprint changes. Because the device accepts any certificate, an impostor produces no TLS failure; the change of endpoint or certificate is the only reliable indicator.
- Record the firmware version on each unit. The affected range is versions prior to 3.022.03, so track the vendor for a release at or above that version that states the fix and apply it promptly.
- Do not join the dongle to shared, guest or public Wi-Fi, and treat unexplained reboots, configuration changes or loss of cloud monitoring as a possible sign of injected commands.
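The monitoring recommendation above, as an added detection example that is not part of the advisory: the script reads Zeek ssl.log records and flags MQTTS sessions from a known dongle address that deviate from a baseline recorded on verified-good sessions. The baseline values, addresses, issuer names and log lines are constructed for the example; the only thing taken from the advisory is the broker hostname and port. Note the TLS 1.3 caveat in the comments: the server certificate is encrypted in TLS 1.3, so only the endpoint and SNI checks work there.

```python
"""Flag MQTTS sessions from the dongle that deviate from a known-good baseline.

Added detection example, not from the advisory. Input is Zeek ssl.log in its
tab-separated form with the #fields header; only the columns used here need to be
present. All addresses, issuer names, log lines and the baseline below are
constructed for the example. Record your own baseline from sessions you verified.
"""
from dataclasses import dataclass, field

@dataclass
class Baseline:
    broker: str                                   # hostname the dongle should use as SNI
    port: int = 8883
    issuers: set = field(default_factory=set)     # certificate issuers seen on good sessions
    resp_hosts: set = field(default_factory=set)  # broker addresses seen on good sessions
    dongles: set = field(default_factory=set)     # LAN addresses of affected devices

def parse_zeek_tsv(text):
    """Parse Zeek TSV output into one dict per record, keyed by the #fields names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def find_suspicious(records, base):
    """Return [(record, reasons)] for dongle sessions on the MQTTS port that deviate."""
    alerts = []
    for r in records:
        if r["id.orig_h"] not in base.dongles or int(r["id.resp_p"]) != base.port:
            continue
        reasons = []
        if r["server_name"] != base.broker:
            reasons.append(f"SNI {r['server_name']!r} is not the broker hostname")
        if r["id.resp_h"] not in base.resp_hosts:
            reasons.append(f"endpoint {r['id.resp_h']} not in baseline")
        # Certificate fields are only populated when Zeek can see the server
        # Certificate message (TLS 1.2). Under TLS 1.3 they are "-" and the
        # endpoint and SNI checks above are the ones that still work.
        if r["issuer"] != "-" and r["issuer"] not in base.issuers:
            reasons.append(f"issuer changed to {r['issuer']!r}")
        if r["validation_status"] not in ("ok", "-"):
            reasons.append(f"Zeek validation: {r['validation_status']}")
        if reasons:
            alerts.append((r, reasons))
    return alerts

# Constructed sample: two good sessions, one laptop session (ignored: not a dongle),
# a session terminated on a LAN host presenting a self-signed cert, and a session
# to an unknown address with no SNI.
SAMPLE_SSL_LOG = "\n".join("\t".join(c) for c in [
    ["#fields", "ts", "id.orig_h", "id.resp_h", "id.resp_p", "version",
     "server_name", "subject", "issuer", "validation_status"],
    ["1770900000.1", "192.168.10.50", "203.0.113.10", "8883", "TLSv12",
     "mqtt001.solaxcloud.com", "CN=mqtt001.solaxcloud.com", "CN=Example Trust CA", "ok"],
    ["1770900060.2", "192.168.10.50", "203.0.113.10", "8883", "TLSv12",
     "mqtt001.solaxcloud.com", "CN=mqtt001.solaxcloud.com", "CN=Example Trust CA", "ok"],
    ["1770900090.0", "192.168.10.20", "203.0.113.77", "8883", "TLSv13",
     "broker.example.net", "-", "-", "-"],
    ["1770900120.3", "192.168.10.50", "192.168.10.77", "8883", "TLSv12",
     "mqtt001.solaxcloud.com", "CN=mqtt001.solaxcloud.com", "CN=mqtt001.solaxcloud.com",
     "self signed certificate"],
    ["1770900180.4", "192.168.10.50", "198.51.100.9", "8883", "TLSv12",
     "-", "-", "-", "-"],
])

BASELINE = Baseline(
    broker="mqtt001.solaxcloud.com",
    issuers={"CN=Example Trust CA"},
    resp_hosts={"203.0.113.10"},
    dongles={"192.168.10.50"},
)

def demo():
    """Run the detection over the constructed sample; returns the alert list."""
    return find_suspicious(parse_zeek_tsv(SAMPLE_SSL_LOG), BASELINE)

if __name__ == "__main__":
    for rec, why in demo():
        print(rec["ts"], rec["id.orig_h"], "->", rec["id.resp_h"], "; ".join(why))
```

On the sample this yields two alerts: the session to 192.168.10.77 (endpoint outside the baseline, issuer changed, self-signed) and the one to 198.51.100.9 (endpoint outside the baseline, no SNI). The `dongles` filter matters: the laptop's unrelated MQTTS session to another broker is ignored rather than generating noise. Keep the `resp_hosts` baseline current, since cloud brokers legitimately change addresses and a stale baseline turns into false positives.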
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2026-02-09T09:43:49.723Z
- CVSS Version: null (no CVSS score is recorded for this entry)
- State: PUBLISHED
Threat ID: 698db3acc9e1ff5ad8c09726
Added to database: 2/12/2026, 11:04:12 AM
Last enriched: 2/12/2026, 11:18:31 AM
Last updated: 2/12/2026, 1:12:08 PM
Related Threats
- CVE-2025-15575: CWE-494 Download of Code Without Integrity Check in SolaX Power Pocket WiFi 3.0 (High)
- CVE-2025-15574: CWE-330 Use of Insufficiently Random Values in SolaX Power Pocket WiFi 3.0 (High)
- CVE-2026-2276: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in https://www.lavanguardia.com/vida/20260212/11464294/webs-grupo-godo-sufren-ciberataque.html web application (Medium)
- CVE-2026-1356: CWE-918 Server-Side Request Forgery (SSRF) in mateuszgbiorczyk Converter for Media – Optimize images | Convert WebP & AVIF (Medium)
- CVE-2026-21722: Vulnerability in Grafana grafana/grafana (Medium)