7.5
CVE-2025-9292
- EPSS 0.02%
- Veröffentlicht 13.02.2026 00:21:24
- Zuletzt bearbeitet 01.04.2026 20:52:43
- Quelle f23511db-6c3e-4e32-a477-6aa17d
- CVE-Watchlists
- Unerledigt
Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-link ≫ Omada Guard Version < 1.1.28
Tp-link ≫ Tp-partner Version < 2.0.1
Tp-link ≫ Wi-fi Navi Version < 1.5.5
Tp-link ≫ Wifi Toolkit Version < 1.4.28
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| f23511db-6c3e-4e32-a477-6aa17d310630 | 2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-942 Permissive Cross-domain Policy with Untrusted Domains
The product uses a cross-domain policy file that includes domains that should not be trusted.