{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T15:26:39.750","vulnerabilities":[{"cve":{"id":"CVE-2025-15573","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-02-12T11:15:47.780","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices."},{"lang":"es","value":"Los dispositivos afectados no validan el certificado del servidor al conectarse al servidor MQTTS de SolaX Cloud alojado en Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). Esto permite a los atacantes en una posición de man-in-the-middle actuar como el servidor MQTT legítimo y emitir comandos arbitrarios a los dispositivos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://r.sec-consult.com/solax","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"}]}}]}