CVE-2025-9293

Summary

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Tapo App0 < 3.14.111affected
TP-Link Systems Inc.Kasa App0 < 3.4.350affected
TP Link Systems Inc.Omada App0 < 4.25.25affected
TP-Link Systems Inc.Omada Guard0 < 1.1.28affected
TP-Link Systems Inc.Tether App0 < 4.12.27affected
TP-Link Systems Inc.Deco App0 < 3.9.163affected
TP-Link Systems Inc.Aginet App0 < 2.13.6affected
TP-Link Systems Inc.tpCamera App0 < 3.2.17affected
TP-Link Systems Inc.WiFi Toolkit0 < 1.4.28affected
TP-Link Systems Inc.Festa App0 < 1.7.1affected
TP-Link Systems Inc.Wi-Fi Navi0 < 1.5.5affected
TP-Link Systems Inc.KidShield0 < 1.1.21affected
TP-Link Systems Inc.TP-Partner App0 < 2.0.1affected
TP-Link Systems Inc.VIGI App0 < 2.7.70affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References