CVE-2025-4975

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.

CVSS

No CVSS.

References

Link	Resource
https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US
https://www.tp-link.com/us/support/faq/4464/

Configurations

No configuration.

History

23 May 2025, 15:54

Type	Values Removed	Values Added
Summary		(es) Cuando aparece una notificación relacionada con batería baja para un usuario con quien se ha compartido el dispositivo, al tocar la notificación se otorga acceso completo a la configuración de energía de ese dispositivo.

22 May 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 22:15

Updated : 2025-05-23 15:54

NVD link : CVE-2025-4975

Mitre link : CVE-2025-4975

CVE.ORG link : CVE-2025-4975

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-4975", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-22T22:15:31.043", "references": [{"url": "https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4464/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."}, {"lang": "es", "value": "Cuando aparece una notificaci\u00f3n relacionada con bater\u00eda baja para un usuario con quien se ha compartido el dispositivo, al tocar la notificaci\u00f3n se otorga acceso completo a la configuraci\u00f3n de energ\u00eda de ese dispositivo."}], "lastModified": "2025-05-23T15:54:42.643", "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}

JSON object

Attach tags to CVE-2025-4975

Attach tags to `CVE-2025-4975`