CVE-2025-8065 identifies a buffer overflow vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) in the ONVIF XML parser component of the TP-Link Tapo C200 V3 IP camera. The vulnerability arises when the device processes specially crafted SOAP XML requests sent over the local network. An unauthenticated attacker with access to the same local network segment can exploit this flaw by sending maliciously constructed XML data that causes a memory overflow condition. This overflow leads to a crash of the device, effectively causing a denial-of-service (DoS) condition by rendering the camera inoperative until it is rebooted or reset. The vulnerability does not require any authentication, user interaction, or prior knowledge of credentials, making it relatively easy to exploit for an attacker with local network access. The CVSS v4.0 score of 7.1 reflects a high severity, primarily due to the ease of exploitation and the impact on availability. The attack vector is local network (AV:A), with low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and no impact on confidentiality or integrity but high impact on availability (VA:H). No patches or fixes have been published yet, and no known exploits are reported in the wild as of the publication date. The vulnerability affects all versions of the Tapo C200 V3, which is a popular consumer and SMB-grade surveillance camera supporting ONVIF protocol for interoperability. This flaw could be leveraged by attackers to disrupt surveillance monitoring, potentially impacting security operations that rely on continuous camera availability.

For European organizations, the primary impact of CVE-2025-8065 is the disruption of surveillance and security monitoring capabilities due to denial-of-service conditions on Tapo C200 V3 cameras. This can lead to gaps in physical security coverage, increasing the risk of undetected intrusions or incidents. Critical infrastructure facilities, corporate offices, and public sector entities using these cameras could experience operational interruptions. The vulnerability's requirement for local network access limits remote exploitation but raises concerns in environments with weak network segmentation or guest network access. Additionally, the inability to authenticate the attacker increases the risk of insider threats or lateral movement by attackers who have already compromised internal networks. The lack of a patch means organizations must rely on network-level controls and monitoring to mitigate risk. Given the widespread use of TP-Link devices in European homes and small businesses, there is also a risk of large-scale disruption in residential or small office environments, which could indirectly affect larger organizations through supply chain or partner networks.

1. Implement strict network segmentation to isolate IoT devices like the Tapo C200 V3 cameras from critical business networks and sensitive systems. 2. Restrict local network access to trusted users and devices only, using VLANs, access control lists (ACLs), and network access control (NAC) solutions. 3. Monitor network traffic for unusual or malformed SOAP XML requests targeting ONVIF services, employing intrusion detection/prevention systems (IDS/IPS) with custom signatures. 4. Disable ONVIF or SOAP services on the cameras if not required for operational use. 5. Regularly audit and update device firmware once patches become available from TP-Link. 6. Educate network administrators and security teams about the vulnerability and the importance of limiting local network exposure of IoT devices. 7. Consider deploying network anomaly detection tools that can identify device crashes or restarts indicative of exploitation attempts. 8. Maintain an inventory of all deployed Tapo C200 V3 devices to ensure comprehensive coverage of mitigation efforts.