CVE-2025-9293 - Vulnerability Details

CVE-2025-9293 - Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

Tapo App

unaffected

Version	Status	Constraints
`0`	affected	< 3.14.111

TP-Link Systems Inc.

Kasa App

unaffected

Version	Status	Constraints
`0`	affected	< 3.4.350

TP Link Systems Inc.

Omada App

unaffected

Version	Status	Constraints
`0`	affected	< 4.25.25

TP-Link Systems Inc.

Omada Guard

unaffected

Version	Status	Constraints
`0`	affected	< 1.1.28

TP-Link Systems Inc.

Tether App

unaffected

Version	Status	Constraints
`0`	affected	< 4.12.27

TP-Link Systems Inc.

Deco App

unaffected

Version	Status	Constraints
`0`	affected	< 3.9.163

TP-Link Systems Inc.

Aginet App

unaffected

Version	Status	Constraints
`0`	affected	< 2.13.6

TP-Link Systems Inc.

tpCamera App

unaffected

Version	Status	Constraints
`0`	affected	< 3.2.17

TP-Link Systems Inc.

WiFi Toolkit

unaffected

Version	Status	Constraints
`0`	affected	< 1.4.28

TP-Link Systems Inc.

Festa App

unaffected

Version	Status	Constraints
`0`	affected	< 1.7.1

TP-Link Systems Inc.

Wi-Fi Navi

unaffected

Version	Status	Constraints
`0`	affected	< 1.5.5

TP-Link Systems Inc.

KidShield

unaffected

Version	Status	Constraints
`0`	affected	< 1.1.21

TP-Link Systems Inc.

TP-Partner App

unaffected

Version	Status	Constraints
`0`	affected	< 2.0.1

TP-Link Systems Inc.

VIGI App

unaffected

Version	Status	Constraints
`0`	affected	< 2.7.70

Configuration 1 [-]

OR	cpe:2.3:a:tp-link:aginet::::::::
	cpe:2.3:a:tp-link:deco::::::::
	cpe:2.3:a:tp-link:festa::::::::
	cpe:2.3:a:tp-link:kasa::::::::
	cpe:2.3:a:tp-link:kidshield::::::::
	cpe:2.3:a:tp-link:omada::::::::
	cpe:2.3:a:tp-link:omada_guard::::::::
	cpe:2.3:a:tp-link:tapo::::::::
	cpe:2.3:a:tp-link:tether::::::::
	cpe:2.3:a:tp-link:tp-partner::::::::
	cpe:2.3:a:tp-link:tpcamera::::::::
	cpe:2.3:a:tp-link:vigi::::::::
	cpe:2.3:a:tp-link:wi-fi_navi::::::::
	cpe:2.3:a:tp-link:wifi_toolkit::::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Tp-link Subscribe	Aginet App Subscribe Deco App Subscribe Festa App Subscribe Kasa App Subscribe Kidshield Subscribe Omada Guard Subscribe Tapo App Subscribe Tether App Subscribe Tp-partner App Subscribe Tpcamera App Subscribe Vigi App Subscribe Wi-fi Navi Subscribe Wifi Toolkit Subscribe
Tp Link Subscribe	Omada App Subscribe

Project Subscriptions

Vendors	Products
Tp-link Subscribe	Aginet Subscribe Aginet App Subscribe Deco Subscribe Deco App Subscribe Festa Subscribe Festa App Subscribe Kasa Subscribe Kasa App Subscribe Kidshield Subscribe Omada Subscribe Omada Guard Subscribe Tapo Subscribe Tapo App Subscribe Tether Subscribe Tether App Subscribe Tp-partner Subscribe Tp-partner App Subscribe Tpcamera Subscribe Tpcamera App Subscribe Vigi Subscribe Vigi App Subscribe Wi-fi Navi Subscribe Wifi Toolkit Subscribe
Tp Link Subscribe	Omada App Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.omadanetworks.com/us/support/faq/4969/
https://www.tp-link.com/us/support/faq/4969/

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link aginet Tp-link deco Tp-link festa Tp-link kasa Tp-link omada Tp-link tapo Tp-link tether Tp-link tp-partner Tp-link tpcamera Tp-link vigi
CPEs		cpe:2.3:a:tp-link:aginet:::::::: cpe:2.3:a:tp-link:deco:::::::: cpe:2.3:a:tp-link:festa:::::::: cpe:2.3:a:tp-link:kasa:::::::: cpe:2.3:a:tp-link:kidshield:::::::: cpe:2.3:a:tp-link:omada:::::::: cpe:2.3:a:tp-link:omada_guard:::::::: cpe:2.3:a:tp-link:tapo:::::::: cpe:2.3:a:tp-link:tether:::::::: cpe:2.3:a:tp-link:tp-partner:::::::: cpe:2.3:a:tp-link:tpcamera:::::::: cpe:2.3:a:tp-link:vigi:::::::: cpe:2.3:a:tp-link:wi-fi_navi:::::::: cpe:2.3:a:tp-link:wifi_toolkit::::::::
Vendors & Products		Tp-link aginet Tp-link deco Tp-link festa Tp-link kasa Tp-link omada Tp-link tapo Tp-link tether Tp-link tp-partner Tp-link tpcamera Tp-link vigi
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 13 Feb 2026 22:30:00 +0000

Type	Values Removed	Values Added
References		https://www.omadanetworks.com/us/support/faq/4969/

Fri, 13 Feb 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link aginet App Tp-link deco App Tp-link festa App Tp-link kasa App Tp-link kidshield Tp-link omada Guard Tp-link tapo App Tp-link tether App Tp-link tp-partner App Tp-link tpcamera App Tp-link vigi App Tp-link wi-fi Navi Tp-link wifi Toolkit Tp Link Tp Link omada App
Vendors & Products		Tp-link Tp-link aginet App Tp-link deco App Tp-link festa App Tp-link kasa App Tp-link kidshield Tp-link omada Guard Tp-link tapo App Tp-link tether App Tp-link tp-partner App Tp-link tpcamera App Tp-link vigi App Tp-link wi-fi Navi Tp-link wifi Toolkit Tp Link Tp Link omada App

Fri, 13 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 13 Feb 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
Title		Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception
Weaknesses		CWE-295
References		https://www.tp-link.com/us/support/faq/4969/
Metrics		cvssV4_0 `{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-02-13T00:22:27.459Z

Updated: 2026-02-13T22:10:15.723Z

Reserved: 2025-08-20T22:29:42.732Z

Link: CVE-2025-9293

Vulnrichment

Updated: 2026-02-13T13:17:16.362Z

NVD

Status : Analyzed

Published: 2026-02-13T02:16:46.523

Modified: 2026-04-01T20:49:52.653

Link: CVE-2025-9293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-13T21:28:52Z

Weaknesses

CWE-295

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object