CVE-2025-9293
7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
Summary
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | Tapo App | 0 < 3.14.111 | affected |
| TP-Link Systems Inc. | Kasa App | 0 < 3.4.350 | affected |
| TP Link Systems Inc. | Omada App | 0 < 4.25.25 | affected |
| TP-Link Systems Inc. | Omada Guard | 0 < 1.1.28 | affected |
| TP-Link Systems Inc. | Tether App | 0 < 4.12.27 | affected |
| TP-Link Systems Inc. | Deco App | 0 < 3.9.163 | affected |
| TP-Link Systems Inc. | Aginet App | 0 < 2.13.6 | affected |
| TP-Link Systems Inc. | tpCamera App | 0 < 3.2.17 | affected |
| TP-Link Systems Inc. | WiFi Toolkit | 0 < 1.4.28 | affected |
| TP-Link Systems Inc. | Festa App | 0 < 1.7.1 | affected |
| TP-Link Systems Inc. | Wi-Fi Navi | 0 < 1.5.5 | affected |
| TP-Link Systems Inc. | KidShield | 0 < 1.1.21 | affected |
| TP-Link Systems Inc. | TP-Partner App | 0 < 2.0.1 | affected |
| TP-Link Systems Inc. | VIGI App | 0 < 2.7.70 | affected |
Weaknesses
- CWE-295: CWE-295 Improper Certificate Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.