A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.tp-link.com/us/support/faq/4969/ |
|
History
Fri, 13 Feb 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. | |
| Title | Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception | |
| Weaknesses | CWE-295 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-02-13T00:22:27.459Z
Reserved: 2025-08-20T22:29:42.732Z
Link: CVE-2025-9293
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-13T02:16:46.523
Modified: 2026-02-13T02:16:46.523
Link: CVE-2025-9293
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses