CVE-2025-9293
TLS Certificate Validation Bypass Allows Man-in-the-Middle Attacks
Publication date: 2026-02-13
Last updated on: 2026-04-01
Assigner: TPLink
Description
Affected Vendors & Products
| Vendor | Product | Affected versions |
|---|---|---|
| tp-link | aginet | < 2.13.6 |
| tp-link | deco | < 3.9.163 |
| tp-link | festa | < 1.7.1 |
| tp-link | kasa | < 3.4.350 |
| tp-link | kidshield | < 1.1.21 |
| tp-link | omada | < 4.25.25 |
| tp-link | omada_guard | < 1.1.28 |
| tp-link | tapo | < 3.14.111 |
| tp-link | tether | < 4.12.27 |
| tp-link | tp-partner | < 2.0.1 |
| tp-link | tpcamera | < 3.2.17 |
| tp-link | vigi | < 2.7.70 |
| tp-link | wi-fi_navi | < 1.5.5 |
| tp-link | wifi_toolkit | < 1.4.28 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9293 is a high-severity vulnerability in multiple TP-Link mobile applications. It stems from insufficient certificate validation during TLS communication: the applications accept server certificates that are untrusted or not properly checked, so the identity of the server they are talking to is never reliably established.
This lets an attacker positioned on the network path between the mobile app and its server (a man-in-the-middle position) intercept or modify traffic that TLS was supposed to protect.
Successful exploitation compromises the confidentiality, integrity, and availability of the application data.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to intercept or alter the data transmitted between your TP-Link mobile application and its server.
This can lead to exposure of sensitive information, unauthorized data modification, and disruption of application services, thereby compromising confidentiality, integrity, and availability of your application data.
Users who do not update their affected TP-Link mobile applications remain vulnerable to man-in-the-middle attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users of affected TP-Link mobile applications should immediately update to the latest versions available on the Google Play Store.
- Update Tapo to version 3.14.111 or later.
- Update Kasa to version 3.4.350 or later.
- Update Omada to version 4.25.25 or later.
- Update Omada Guard to version 1.1.28 or later.
- Update Tether to version 4.12.27 or later.
- Update Deco to version 3.9.163 or later.
- Update Aginet to version 2.13.6 or later.
- Update tpCamera to version 3.2.17 or later.
- Update WiFi Toolkit to version 1.4.28 or later.
- Update Festa to version 1.7.1 or later.
- Update Wi-Fi Navi to version 1.5.5 or later.
- Update KidShield to version 1.1.21 or later.
- Update TP-Partner to version 2.0.1 or later.
- Update VIGI to version 2.7.70 or later.
Note that iOS applications are not affected by this issue.
Failure to update leaves the applications vulnerable to man-in-the-middle attacks, potentially exposing sensitive data and compromising application security.