Buffer Overflow Vulnerability in Tapo C200 V3 by TP-Link
CVE-2025-8065

7.1HIGH

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tapo C200 V3
Vendor: CVE Published:; 20 December 2025

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2025-8065?

A buffer overflow vulnerability has been identified in the ONVIF XML parser of the Tapo C200 V3 camera by TP-Link. An unauthenticated attacker on the same local network can exploit this flaw by sending specially crafted SOAP XML requests. These requests may lead to a memory overflow, causing the device to crash and resulting in a denial-of-service condition, which impacts the camera's functionality.

Affected Version(s)

Tapo C200 V3 0

References

https://www.tp-link.com/us/support/download/tapo-c200/v3/...

https://www.tp-link.com/us/support/faq/4849/

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 20, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Simone Margaritelli (evilsocket)

JSON