CVE-2025-9521

EUVD-2025-206348
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Common Weakness Enumeration
References
https://support.omadanetworks.com/us/document/115200/
https://support.omadanetworks.com/us/download/software/omada-controller/