Cyber Posture

CVE-2025-9293

High

Published: 13 February 2026
Modified: 01 April 2026
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-9293 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in TP-Link Aginet. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 2.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mandates management and validation of PKI certificates to prevent acceptance of untrusted or improperly validated server identities in TLS communications.

prevent

Requires timely remediation of flaws like this certificate validation vulnerability through patching or updates as per vendor advisories.

prevent

Ensures cryptographic protection for transmission confidentiality and integrity, mitigating interception and modification risks from MiTM attacks exploiting poor certificate validation.

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

Why these techniques?

Improper certificate validation (CWE-295) directly enables successful Adversary-in-the-Middle attacks by allowing an on-path attacker to present untrusted certificates that the client will accept, facilitating traffic interception and modification.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Deeper analysis

CVE-2025-9293 is a vulnerability in the certificate validation logic that may allow applications to accept untrusted or improperly validated server identities during TLS communication. It affects products from vendors including TP-Link and Omada Networks, as detailed in their respective advisories. Classified under CWE-295 (Improper Certificate Validation), the issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-13.

An attacker in a privileged network position who can position themselves within the communication channel may exploit this vulnerability to intercept or modify traffic. No privileges or user interaction are required, though high attack complexity is involved, likely due to the need for such positioning. Successful exploitation can compromise the confidentiality, integrity, and availability of application data.

Vendor advisories provide guidance on mitigation. Details are available from Omada Networks at https://www.omadanetworks.com/us/support/faq/4969/ and from TP-Link at https://www.tp-link.com/us/support/faq/4969/.

Details

CWE(s)

Affected Products

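| Vendor | Product | Affected versions |
|---|---|---|
| tp-link | aginet | ≤ 2.13.6 |
| tp-link | deco | ≤ 3.9.163 |
| tp-link | festa | ≤ 1.7.1 |
| tp-link | kasa | ≤ 3.4.350 |
| tp-link | kidshield | ≤ 1.1.21 |
| tp-link | omada | ≤ 4.25.25 |
| tp-link | omada guard | ≤ 1.1.28 |
| tp-link | tapo | ≤ 3.14.111 |
| tp-link | tether | ≤ 4.12.27 |
| tp-link | tp-partner | ≤ 2.0.1 |
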
+4 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-9292 · Same product: TP-Link Aginet
CVE-2025-15557 · Same vendor: TP-Link
CVE-2025-62501 · Same vendor: TP-Link
CVE-2025-1193 · Shared CWE-295
CVE-2025-46788 · Shared CWE-295
CVE-2026-33810 · Shared CWE-295
CVE-2026-32627 · Shared CWE-295
CVE-2024-55581 · Shared CWE-295
CVE-2025-11043 · Shared CWE-295
CVE-2026-4434 · Shared CWE-295
