Vulnerability Description:
Multiple vulnerabilities in Omada Controllers are described below.
- CVE-2025-9520: An Insecure Direct Object Reference (IDOR) vulnerability allows an attacker with Administrator permission to manipulate requests and potentially hijack the Owner account.
- CVE-2025-9521: A password-confirmation bypass vulnerability allows an attacker with a valid session token to bypass secondary verification.
- CVE-2025-9522: A blind Server-Side Request Forgery (SSRF) vulnerability in the webhook functionality enables crafted requests to internal services.
Impacts:
CVE-2025-9520:
Full takeover of the Owner account, granting complete administrative control over Omada Controller and connected services.
CVSS v4.0 Score: 8.3 / High
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:L
CVE-2025-9521:
An attacker with a valid session token may be able to bypass secondary verification and change the user’s password without proper confirmation, leading to weakened account security.
CVSS v4.0 Score: 2.1 / Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2025-9522:
The blind SSRF may allow enumeration of information about internal services.
CVSS v4.0 Score: 5.1 / Medium
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
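Added example, not TP-Link or Omada code: a hypothetical guard of the kind that mitigates CVE-2025-9522-style webhook SSRF, validating a webhook destination before any request is sent. It assumes the controller only needs to call HTTPS endpoints; `validate_webhook_url`, `resolver` and the helper names are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical webhook-target guard (added example, not Omada code).
# Rejects destinations that point at internal or special-purpose addresses,
# checking every address the host resolves to, not just the first one.

ALLOWED_SCHEMES = {"https"}  # assumption: webhooks only ever go to HTTPS endpoints


def _is_internal(addr):
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _default_resolver(host):
    # All A/AAAA answers for the host; every one of them must be external.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_webhook_url(url, resolver=_default_resolver):
    """Return (ok, reason); reason is '' when the URL is acceptable."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost not allowed"
    try:
        addrs = {str(ipaddress.ip_address(host))}  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)  # names, including "2130706433"-style forms
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        if _is_internal(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, ""
```

The check is only as good as the address actually connected to: connect to the validated IP (or re-check at connect time) so a DNS answer cannot change between validation and the request.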
Affected Products/Versions and Fixes:
| Affected Product Model | Related Vulnerabilities | Affected Version | Fixed Version |
|------------------------|-------------------------|------------------|---------------|
| Omada Controllers      | CVE-2025-9520           | < 6.0            | >= 6.0        |
Recommendation(s):
We strongly recommend that users with the affected device(s) take the following action(s):
- Download and update to the latest software to fix the vulnerabilities.
US: Firmware Download | Omada Network Support
EN: Firmware Download | Omada Network Support
Disclaimer:
If you do not take all recommended actions, these vulnerabilities will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.