CVE-2025-9292 in Omada Cloud Controllerinformação

Sumário

de MITRE • 13/02/2026

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

TPLink

Reservar

21/08/2025

Divulgação

13/02/2026

Moderação

aceite

Entrada

VDB-345848

CPE

pronto

CWE

CWE-942 (confirmado)

CVSS

2.7 (VulDB)

EPSS

0.00017

KEV

não

Atividades

muito baixo

Sector

Education, Lawfirm, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9292
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9292
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9292/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!