CVE-2025-9293

HIGH

Certificate Validation Logic - Info Disclosure

Title source: llm

Description

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

References (2)

[Various Sources] https://www.tp-link.com/us/support/faq/4969/

[Various Sources] https://www.omadanetworks.com/us/support/faq/4969/

Scores

CVSS v3 8.1

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (28)

TP Link Systems Inc./Omada App < 4.25.25

tp-link/aginet < 2.13.6

tp-link/deco < 3.9.163

tp-link/festa < 1.7.1

tp-link/kasa < 3.4.350

tp-link/kidshield < 1.1.21

tp-link/omada < 4.25.25

tp-link/omada_guard < 1.1.28

tp-link/tapo < 3.14.111

tp-link/tether < 4.12.27

... and 18 more

Published Feb 13, 2026

Tracked Since Feb 18, 2026