Notification Access Vulnerability in TP-Link Smart Devices
CVE-2025-4975

4.8MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Tp-link Tapo App
Vendor
CVE Published:
22 May 2025

What is CVE-2025-4975?

A security concern has been identified in TP-Link smart devices, where users can unintentionally grant full access to power settings when interacting with low battery notifications on shared devices. This vulnerability raises significant concerns about the security of shared user configurations and the potential for unauthorized manipulation of device functionalities.

Affected Version(s)

TP-Link Tapo app Android 0 < 3.10.513

References

https://www.tp-link.com/us/support/faq/4464/
https://play.google.com/store/apps/details?id=com.tplink....

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.