PT-2026-4284 · Unknown · Omada Controller
Published: 2026-01-22 · Updated: 2026-03-16 · CVE-2025-9289
CVSS v4.0: 5.7 (Medium)
Vector: AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Omada Controllers (affected versions not specified)
Description
A Cross-Site Scripting (XSS) issue exists in a parameter within Omada Controllers because of insufficient input sanitization. Successful exploitation requires specific conditions, including network positioning or impersonating a trusted entity, and interaction from an authenticated administrator. An attacker could potentially execute arbitrary JavaScript code in the administrator's browser, which may lead to the disclosure of sensitive information and compromise confidentiality.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Omada Controller