Command Injection Vulnerability in Omada Gateways by TP-Link
CVE-2025-7850

9.3CRITICAL

Key Information:

Vendor

Tp-link Systems Inc.

Status
Omada Gateways
Festa Gateways
Omada Pro Gateways
Vendor
CVE Published:
21 October 2025

What is CVE-2025-7850?

A command injection vulnerability exists in the web portal of Omada gateways that can be exploited post-authentication by an administrator. This flaw allows attackers to execute arbitrary commands on the affected device, compromising the security and integrity of network operations. Users of Omada Router, Omada Pro Router, and SOHO Fest Gateway are advised to review their configurations and apply recommended security updates to protect against potential exploitation.

Affected Version(s)

Festa gateways 0

Omada gateways 0

Omada Pro gateways 0

References

https://support.omadanetworks.com/en/document/108456/
vendor-advisory
https://www.omadanetworks.com/us/business-networking/all-...
product
https://www.omadanetworks.com/us/business-networking/omad...
product

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-7850 : Command Injection Vulnerability in Omada Gateways by TP-Link