CVE-2025-9293 - Vulnerability Details

CVE-2025-9293 - Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

References

Link	Providers
https://www.tp-link.com/us/support/faq/4969/

History

Fri, 13 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 13 Feb 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
Title		Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception
Weaknesses		CWE-295
References		https://www.tp-link.com/us/support/faq/4969/
Metrics		cvssV4_0 `{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-02-13T00:22:27.459Z

Updated: 2026-02-13T13:17:20.477Z

Reserved: 2025-08-20T22:29:42.732Z

Link: CVE-2025-9293

Vulnrichment

Updated: 2026-02-13T13:17:16.362Z

NVD

Status : Awaiting Analysis

Published: 2026-02-13T02:16:46.523

Modified: 2026-02-13T14:23:48.007

Link: CVE-2025-9293

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object