CVE-2025-9521

MEDIUM

Omada Controllers - Privilege Escalation

Title source: llm

Description

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 15.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

tp-link/omada_controller < 6.0

Timeline

Published Jan 26, 2026
Tracked Since Feb 18, 2026