216.73.217.50

CVE-2025-9292

· Published 13/02/2026 02:16 · Modified 13/02/2026 23:16

Labels: CVE-2025-9292 2026-02-13CVE-2025-9292CWE-942f23511db-6c3e-4e32-a477-6aa17d310630

Essential information

Published
13/02/2026 02:16
Modified
13/02/2026 23:16
Author
Creator
CVSS
2.0 LOW (v3) 2.0 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD
View on NVD

Affected products (CPE)

ProductCPE
tp-link / omada cloud controller cpe:2.3:a:tp-link:omada_cloud_controller:*:*:*:*:*:*:*:*

References