RCE in Jurajnyiri Homeassistant-tapo-control
CVE-2025-55192
HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect user…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.003 (23.7th percentile) — read the EPSS interpretation.
Affected products
- Jurajnyiri Homeassistant-tapo-control — versions < 2a3b80ff128ddf4f410c97dd47a94343792ce43c
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-55192?
- CVE-2025-55192 is a vulnerability in Jurajnyiri Homeassistant-tapo-control, classified under Code Injection. Published 2025-08-14.
- Is CVE-2025-55192 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.