{"api_version":"1","generated_at":"2026-04-23T01:19:42+00:00","cve":"CVE-2025-9293","urls":{"html":"https://cve.report/CVE-2025-9293","api":"https://cve.report/api/cve/CVE-2025-9293.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-9293","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-9293"},"summary":{"title":"Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception","description":"A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel.  Successful exploitation may compromise confidentiality, integrity, and availability of application data.","state":"PUBLISHED","assigner":"TPLink","published_at":"2026-02-13 02:16:46","updated_at":"2026-04-01 20:49:52"},"problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":[{"version":"4.0","source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","score":"7.7","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"7.7","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.tp-link.com/us/support/faq/4969/","name":"https://www.tp-link.com/us/support/faq/4969/","refsource":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.omadanetworks.com/us/support/faq/4969/","name":"https://www.omadanetworks.com/us/support/faq/4969/","refsource":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-9293","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9293","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Tapo App","version":"affected 3.14.111 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Kasa App","version":"affected 3.4.350 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP Link Systems Inc.","product":"Omada App","version":"affected 4.25.25 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Omada Guard","version":"affected 1.1.28 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Tether App","version":"affected 4.12.27 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Deco App","version":"affected 3.9.163 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Aginet App","version":"affected 2.13.6 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"tpCamera App","version":"affected 3.2.17 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"WiFi Toolkit","version":"affected 1.4.28 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Festa App","version":"affected 1.7.1 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"Wi-Fi Navi","version":"affected 1.5.5 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"KidShield","version":"affected 1.1.21 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"TP-Partner App","version":"affected 2.0.1 custom","platforms":["Android"]},{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"VIGI App","version":"affected 2.7.70 custom","platforms":["Android"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"aginet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"deco","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"festa","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"kasa","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"kidshield","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"omada","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"omada_guard","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"tapo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"tether","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"tp-partner","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"tpcamera","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"vigi","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"wi-fi_navi","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9293","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tp-link","cpe5":"wifi_toolkit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"9293","cve":"CVE-2025-9293","epss":"0.000140000","percentile":"0.024670000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:17"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-9293","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-02-13T13:16:36.092254Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-13T13:17:20.477Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Tapo App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"3.14.111","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Kasa App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"3.4.350","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Omada App","vendor":"TP Link Systems Inc.","versions":[{"lessThan":"4.25.25","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Omada Guard","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.1.28","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Tether App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"4.12.27","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Deco App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"3.9.163","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Aginet App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"2.13.6","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"tpCamera App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"3.2.17","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"WiFi Toolkit","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.4.28","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Festa App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.7.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"Wi-Fi Navi","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.5.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"KidShield","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"1.1.21","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"TP-Partner App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"2.0.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["mobile app"],"platforms":["Android"],"product":"VIGI App","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"2.7.70","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel.  Successful exploitation may compromise confidentiality, integrity, and availability of application data."}],"value":"A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel.  Successful exploitation may compromise confidentiality, integrity, and availability of application data."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Adversary in the Middle (AiTM)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-02-13T22:10:15.723Z","orgId":"f23511db-6c3e-4e32-a477-6aa17d310630","shortName":"TPLink"},"references":[{"tags":["vendor-advisory"],"url":"https://www.tp-link.com/us/support/faq/4969/"},{"tags":["vendor-advisory"],"url":"https://www.omadanetworks.com/us/support/faq/4969/"}],"source":{"discovery":"UNKNOWN"},"title":"Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception","x_generator":{"engine":"Vulnogram 0.5.0"}}},"cveMetadata":{"assignerOrgId":"f23511db-6c3e-4e32-a477-6aa17d310630","assignerShortName":"TPLink","cveId":"CVE-2025-9293","datePublished":"2026-02-13T00:22:27.459Z","dateReserved":"2025-08-20T22:29:42.732Z","dateUpdated":"2026-02-13T22:10:15.723Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-13 02:16:46","lastModifiedDate":"2026-04-01 20:49:52","problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:aginet:*:*:*:*:*:*:*:*","versionEndExcluding":"2.13.6","matchCriteriaId":"917B801C-D1EE-498D-9D89-7CD6FDF22096"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:deco:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.163","matchCriteriaId":"74600A45-B793-4C34-9C72-8BAED1555097"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:festa:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1","matchCriteriaId":"8C4235A8-87CF-48F8-B0BD-96124FDA850B"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:kasa:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.350","matchCriteriaId":"27D5C0B8-67C4-440B-A0B5-B0B4E8126DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:kidshield:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.21","matchCriteriaId":"E50BF815-D85D-437C-891E-61B49F6E9AC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:omada:*:*:*:*:*:*:*:*","versionEndExcluding":"4.25.25","matchCriteriaId":"6B2DD98D-424D-453A-B472-9E7349E4B887"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:omada_guard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.28","matchCriteriaId":"1EE9425F-E87A-4C39-8F4D-3CEEC10B92D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:tapo:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.111","matchCriteriaId":"857482B8-F8BA-4F53-BE48-55FC91FD32CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:tether:*:*:*:*:*:*:*:*","versionEndExcluding":"4.12.27","matchCriteriaId":"50BFDEFF-D76D-4AAB-8DDB-4620F5584A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:tp-partner:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.1","matchCriteriaId":"682309A2-16A9-483F-A789-0C1A412A7005"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:tpcamera:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.17","matchCriteriaId":"BE3C3AA7-1F72-466B-B0AA-F26D43E4A301"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:vigi:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.70","matchCriteriaId":"3563E8AC-D931-4C07-BD5F-D35DB9BC8456"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:wi-fi_navi:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.5","matchCriteriaId":"51EF281C-A391-49C2-A826-F2C2E46D820D"},{"vulnerable":true,"criteria":"cpe:2.3:a:tp-link:wifi_toolkit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.28","matchCriteriaId":"BFD2DCF8-1D59-478F-868D-3D503D68B009"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"9293","Ordinal":"1","Title":"Insufficient Certificate Validation in Multiple Mobile Applicati","CVE":"CVE-2025-9293","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"9293","Ordinal":"1","NoteData":"A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel.  Successful exploitation may compromise confidentiality, integrity, and availability of application data.","Type":"Description","Title":"Insufficient Certificate Validation in Multiple Mobile Applicati"}]}}}