VYPR
High severity7.5NVD Advisory· Published Feb 13, 2026· Updated Apr 1, 2026

CVE-2025-9292

CVE-2025-9292

Description

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.