CVE-2025-9292 in Omada Cloud Controllerinfo

Zusammenfassung

von MITRE • 13.02.2026

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

TPLink

Reservieren

21.08.2025

Veröffentlichung

13.02.2026

Moderieren

akzeptiert

Eintrag

VDB-345848

CPE

bereit

CWE

CWE-942 (bestätigt)

CVSS

2.7 (VulDB)

EPSS

0.00017

KEV

nein

Aktivitäten

very low

Sektor

Finance, Insurance, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9292
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9292
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9292/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!