CVE-2025-8065 - Vulnerability Details - OpenCVE

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
https://www.tp-link.com/us/support/faq/4849/

History

Sat, 20 Dec 2025 01:15:00 +0000

Type	Values Removed	Values Added
Description		A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).
Title		Buffer Overflow in ONVIF XML Parser on Tapo C200
Weaknesses		CWE-400
References		https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes https://www.tp-link.com/us/support/faq/4849/
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2025-12-20T00:41:56.823Z

Updated: 2025-12-20T00:41:56.823Z

Reserved: 2025-07-22T21:23:25.432Z

Link: CVE-2025-8065

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-20T01:16:05.410

Modified: 2025-12-20T01:16:05.410

Link: CVE-2025-8065

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8065", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-07-22T21:23:25.432Z", "datePublished": "2025-12-20T00:41:56.823Z", "dateUpdated": "2025-12-20T00:41:56.823Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["ONVIF Server"], "product": "Tapo C200 V3", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "C200(US)_V3_1.4.5 Build 251104", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Simone Margaritelli (evilsocket)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).<br>"}], "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)."}], "impacts": [{"capecId": "CAPEC-770", "descriptions": [{"lang": "en", "value": "CAPEC-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-12-20T00:41:56.823Z"}, "references": [{"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"url": "https://www.tp-link.com/us/support/faq/4849/"}], "source": {"discovery": "UNKNOWN"}, "title": "Buffer Overflow in ONVIF XML Parser on Tapo C200", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)."}], "id": "CVE-2025-8065", "lastModified": "2025-12-20T01:16:05.410", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-12-20T01:16:05.410", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/4849/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}