Omada Controller
CVE-2025-9522
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
AnalysisAI
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. [CVSS 5.3 MEDIUM]
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects the webhook component of Omada Controller. Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Omada Controller
View allTP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.p
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate r
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypa
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption d
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sani
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today