Description

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.

PUBLISHED Reserved 2025-08-27 | Published 2026-01-26 | Updated 2026-01-26 | Assigner TPLink




HIGH: 8.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:L)

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status: unknown

Any version before 6.0: affected

Credits

Eduardo Bido on behalf of Thoropass finder

References

support.omadanetworks.com/us/document/115200/ vendor-advisory

support.omadanetworks.com/...load/software/omada-controller/ patch

cve.org (CVE-2025-9520)

nvd.nist.gov (CVE-2025-9520)
