CVE 9.3 CRITICAL

Authenticated OS command execution_CVE-2025-7850

October 21, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Description

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

AI Analysis

Command injection vulnerability in Omada gateways after admin authentication

Basic Information

ID CVE-2025-7850

Source TPLink

Published Oct 21, 2025 at 00:28

Affected Product

Vendor TP-Link Systems Inc.

Product Omada gateways

Affected Versions TP-Link Systems Inc. Omada gateways 0
TP-Link Systems Inc. Festa gateways 0
TP-Link Systems Inc. Omada Pro gateways 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor TP-Link

Product Omada gateways

References

{
    "lastseen": "",
    "description": "A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.",
    "published": "2025-10-21T00:28:11.589Z",
    "modified": "2025-10-21T00:28:11.589Z",
    "type": "cve",
    "title": "Authenticated OS command execution",
    "source": "TPLink",
    "references": "https://support.omadanetworks.com/en/document/108456/\nhttps://www.omadanetworks.com/us/business-networking/all-omada-router/\nhttps://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/\nhttps://www.tp-link.com/us/business-networking/soho-festa-gateway/",
    "id": "CVE-2025-7850",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Omada gateways 0\nTP-Link Systems Inc. Festa gateways 0\nTP-Link Systems Inc. Omada Pro gateways 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Omada gateways",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "Command injection vulnerability in Omada gateways after admin authentication",
    "ai_severity": "Critical",
    "ai_vendor": "TP-Link",
    "ai_product": "Omada gateways",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply