Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 23, 2026

Cross-Site Scripting (XSS) on Omada Controllers

CVE-2025-9289

Description

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.

Affected products

Tp Link Systems Inc./Omada Software Controllerv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.omadanetworks.com/us/download/mitrepatch
support.omadanetworks.com/us/document/114950/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000