CVE-2025-15575 identifies a critical security weakness in the firmware update mechanism of the SolaX Power Pocket WiFi 3.0 device, specifically versions earlier than 3.022.03. The vulnerability stems from the absence of any cryptographic integrity or authenticity checks on firmware update files. This means that the device accepts and installs firmware updates without verifying digital signatures or other cryptographic proofs, violating secure update best practices. Additionally, the device's underlying ESP32 microcontroller security features, such as secure boot, are not utilized, which would otherwise prevent unauthorized firmware execution. An attacker with network access or the ability to deliver a malicious firmware update can exploit this flaw to flash arbitrary firmware, potentially gaining persistent control over the device. This could lead to device manipulation, data interception, or use as a foothold for lateral movement within a network. Although no public exploits are currently known, the vulnerability's nature and lack of mitigations make it a high-risk issue. The absence of cryptographic protections in firmware updates is a classic CWE-494 weakness, which has historically led to severe compromises in embedded and IoT devices. The vulnerability was published in February 2026, with no patch currently available, emphasizing the need for immediate attention from users and vendors.

For European organizations, the exploitation of this vulnerability could have severe consequences. The Pocket WiFi 3.0 device is likely used in environments requiring reliable and secure wireless connectivity, including renewable energy installations, industrial control systems, or remote monitoring setups. A compromised device could allow attackers to intercept sensitive communications, disrupt network availability, or pivot to other critical systems. This could lead to operational downtime, data breaches, or sabotage of infrastructure. Given the device’s role in connectivity, availability impacts could be significant, affecting business continuity. Confidentiality and integrity of data transmitted through or managed by the device are also at risk. The lack of secure boot means that malicious firmware could persist across reboots, complicating detection and remediation. European organizations in sectors such as energy, manufacturing, and critical infrastructure are particularly at risk due to their reliance on secure IoT and network devices. The absence of known exploits currently provides a window for proactive mitigation, but the potential impact remains high if attackers develop exploit code.

Immediate mitigation steps include restricting network access to the Pocket WiFi 3.0 devices to trusted management networks only, minimizing exposure to untrusted sources. Organizations should implement network segmentation to isolate these devices from critical infrastructure. Monitoring network traffic for unusual firmware update attempts or unexpected device behavior can aid early detection. Since no official patches are currently available, users should engage with SolaX Power to demand firmware updates that incorporate cryptographic signature verification and enable ESP32 secure boot features. Until patches are released, organizations should consider disabling remote firmware update capabilities if possible or applying manual update procedures verified through secure channels. Employing endpoint detection and response (EDR) tools that can identify anomalous device behavior may also help. Finally, maintaining an inventory of affected devices and prioritizing their replacement or upgrade in critical environments is advisable.