CVE-2025-15573

🗓️ 12 Feb 2026 10:39:35Reported by SEC-VLabType

CVE-2025-15573: Solax Pocket WiFi fails server certificate validation on MQTT Cloud, enabling MITM.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2025-15573	12 Feb 202610:39	–	attackerkb
Circl	CVE-2025-15573	12 Feb 202615:51	–	circl
CNNVD	SolaX Power Pocket 安全漏洞	12 Feb 202600:00	–	cnnvd
Cvelist	CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection	12 Feb 202610:39	–	cvelist
NVD	CVE-2025-15573	12 Feb 202611:15	–	nvd
Positive Technologies	PT-2026-7834	12 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15573	13 Feb 202613:22	–	redhatcve
Vulnrichment	CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection	12 Feb 202610:39	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi 3.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<3.022.03"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+LAN",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<1.009.02"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+4GM",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<1.005.05"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+LAN 2.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<006.06"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi 4.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<003.03"
      }
    ]
  }
]

Source	Link
r	www.r.sec-consult.com/solax

17 Jun 2026 08:38Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.4

EPSS0.00216

SSVC

CWE-295