Arbitrary OS Command Execution Vulnerability in Omada Networking Products
CVE-2025-6542

9.3CRITICAL

Key Information:

Vendor

Tp-link Systems Inc.

Status
Omada Gateways
Festa Gateways
Omada Pro Gateways
Vendor
CVE Published:
21 October 2025

What is CVE-2025-6542?

A security weakness exists in Omada Networking products that permits a remote unauthenticated attacker to execute arbitrary operating system commands. This vulnerability emphasizes the importance of securing network hardware to prevent unauthorized access and potential exploitation by malicious actors.

Affected Version(s)

Festa gateways 0

Omada gateways 0

Omada Pro gateways 0

References

https://support.omadanetworks.com/en/document/108455/
vendor-advisory
https://www.omadanetworks.com/us/business-networking/all-...
product
https://www.omadanetworks.com/us/business-networking/omad...
product

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-6542 : Arbitrary OS Command Execution Vulnerability in Omada Networking Products