CVE-2025-4975 - Vulnerability Details - OpenCVE

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US
https://www.tp-link.com/us/support/faq/4464/

History

Wed, 08 Oct 2025 10:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Wed, 08 Oct 2025 09:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-863

Fri, 23 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 May 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
Title		Tapo privilege escalation on shared devices using notifications
Weaknesses		CWE-269
References		https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US https://www.tp-link.com/us/support/faq/4464/
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2025-05-22T21:17:52.691Z

Updated: 2025-10-08T09:37:20.297Z

Reserved: 2025-05-20T02:56:36.381Z

Link: CVE-2025-4975

Vulnrichment

Updated: 2025-05-23T14:27:35.464Z

NVD

Status : Awaiting Analysis

Published: 2025-05-22T22:15:31.043

Modified: 2025-10-08T10:15:38.193

Link: CVE-2025-4975

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4975", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-05-20T02:56:36.381Z", "datePublished": "2025-05-22T21:17:52.691Z", "dateUpdated": "2025-10-08T09:37:20.297Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Android"], "product": "TP-Link Tapo app", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "3.10.513", "status": "affected", "version": "0", "versionType": "3.10.513"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."}], "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-10-08T09:37:20.297Z"}, "references": [{"url": "https://www.tp-link.com/us/support/faq/4464/"}, {"url": "https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Tapo privilege escalation on shared devices using notifications", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-23T14:26:25.678883Z", "id": "CVE-2025-4975", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-23T14:27:40.507Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-23T14:26:25.678883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-23T14:27:35.464Z"}}], "cna": {"title": "Tapo privilege escalation on shared devices using notifications", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "TP-Link Tapo app", "versions": [{"status": "affected", "version": "0", "lessThan": "3.10.513", "versionType": "3.10.513"}], "platforms": ["Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.tp-link.com/us/support/faq/4464/"}, {"url": "https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.", "supportingMedia": [{"type": "text/html", "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-10-08T09:37:20.297Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4975", "state": "PUBLISHED", "dateUpdated": "2025-10-08T09:37:20.297Z", "dateReserved": "2025-05-20T02:56:36.381Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2025-05-22T21:17:52.691Z", "assignerShortName": "TPLink"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."}, {"lang": "es", "value": "Cuando aparece una notificaci\u00f3n relacionada con bater\u00eda baja para un usuario con quien se ha compartido el dispositivo, al tocar la notificaci\u00f3n se otorga acceso completo a la configuraci\u00f3n de energ\u00eda de ese dispositivo."}], "id": "CVE-2025-4975", "lastModified": "2025-10-08T10:15:38.193", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-05-22T22:15:31.043", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/4464/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}