CVE-2025-9521 — Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirm — CVE Database · The Intelligence Room