CVE-2025-8065

HIGH | CVSS 8.7/10 | EPSS 0.47%

CVE-2025-8065 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. This allows a crafted SOAP request with an oversized namespace prefix to corrupt stack memory. An unauthenticated attacker on the same local network may exploit this flaw to achieve remote code execution with elevated privileges, leading to full compromise of the device.
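The missing check described above, shown in its corrected form as an added example (not TP-Link's code and not taken from the firmware). The function names, status codes, the 32-byte buffer size and the sample tag names are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX_CAP 32 /* assumed size; the advisory does not state the real one */

enum { SPLIT_OK = 0, SPLIT_NO_PREFIX = 1, SPLIT_TOO_LONG = -1, SPLIT_BAD_ARG = -2 };

/* Split a qualified tag name "prefix:local" of name_len bytes (hypothetical helper).
 * The flaw class in the advisory is copying the bytes before ':' into a fixed
 * buffer with no bound. Here the prefix length is checked against out_cap first,
 * and an oversized prefix is rejected rather than truncated, because a truncated
 * prefix could match a different namespace binding. */
int split_qname(const char *name, size_t name_len,
                char *out, size_t out_cap, const char **local)
{
    if (!name || !out || !local || out_cap == 0)
        return SPLIT_BAD_ARG;
    out[0] = '\0';
    *local = name;

    const char *colon = memchr(name, ':', name_len);
    if (colon == NULL)
        return SPLIT_NO_PREFIX;          /* unprefixed tag, nothing to copy */

    size_t prefix_len = (size_t)(colon - name);
    if (prefix_len >= out_cap)           /* one byte is reserved for the NUL */
        return SPLIT_TOO_LONG;

    memcpy(out, name, prefix_len);
    out[prefix_len] = '\0';
    *local = colon + 1;
    return SPLIT_OK;
}

/* Run the splitter on a NUL-terminated name with a PREFIX_CAP stack buffer. */
int demo_split(const char *qname)
{
    char prefix[PREFIX_CAP];
    const char *local;
    return split_qname(qname, strlen(qname), prefix, sizeof prefix, &local);
}

/* Return 1 only if the split succeeds and yields exactly the expected prefix. */
int demo_prefix_is(const char *qname, const char *expect)
{
    char prefix[PREFIX_CAP];
    const char *local;
    int rc = split_qname(qname, strlen(qname), prefix, sizeof prefix, &local);
    return rc == SPLIT_OK && strcmp(prefix, expect) == 0;
}

int main(void)
{
    /* Constructed sample tag names. */
    printf("%d %d\n", demo_split("tds:GetDeviceInformation"), demo_split("Envelope"));
    return 0;
}
```

A parser that gets `SPLIT_TOO_LONG` should fail the whole request instead of continuing with a partial tag.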

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0
8.7/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.47%

37.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product              Versions  Update
Tp-Link   Tapo C200 Firmware   1.3.3     Build 230228
Tp-Link   Tapo C200 Firmware   1.3.4     Build 230424
Tp-Link   Tapo C200 Firmware   1.3.5     Build 230717
Tp-Link   Tapo C200 Firmware   1.3.7     Build 230920
Tp-Link   Tapo C200 Firmware   1.3.9     Build 231019
Tp-Link   Tapo C200 Firmware   1.3.11    Build 231115
Tp-Link   Tapo C200 Firmware   1.3.13    Build 240327
Tp-Link   Tapo C200 Firmware   1.3.14    Build 240513
Tp-Link   Tapo C200 Firmware   1.3.15    Build 240715
Tp-Link   Tapo C200 Firmware   1.4.1     Build 241212
Tp-Link   Tapo C200 Firmware   1.4.2     Build 250313
Tp-Link   Tapo C200 Firmware   1.4.4     Build 250922

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2025-8065?
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. This allows a crafted SOAP request with an oversized namespace prefix to corrupt stack memory. An unauthenticated attacker on the same local network may exploit this flaw to achieve remote code execution with elevated privileges, leading to full compromise of the device.
How severe is CVE-2025-8065?
CVE-2025-8065 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.
How do I fix CVE-2025-8065?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST