CVE-2025-9521

Published: Jan 26, 2026

Modified: Feb 3, 2026

PUBLISHED

Description

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.

Vendor	Product	Versions
TP-Link Systems Inc.	Omada Controller	affected `0 - < 6.0`

Weaknesses (CWE)

CWE-522

References

https://support.omadanetworks.com/us/document/115200/

vendor-advisory

https://support.omadanetworks.com/us/download/software/omada-controller/

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-9521

Description

Affected Products

Weaknesses (CWE)

References