CISA Flags Two Actively Exploited Vulnerabilities: TP-Link Router Reset Flaw and WhatsApp Zero-Day Chain

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild and urging immediate remediation.

The first vulnerability, CVE-2020-24363 (CVSS 8.8), affects TP-Link TL-WA855RE V5 20200415-rel37464 devices. The flaw arises from missing authentication for a critical function.

CISA warns that an unauthenticated attacker on the same network can exploit this bug by sending a malicious TDDP_RESET POST request, forcing the device to perform a factory reset and reboot.

Following this, the attacker can set a new administrative password, effectively taking control of the router. This scenario not only disrupts network availability but could also allow adversaries to pivot into other connected devices.

The second vulnerability, CVE-2025-55177 (CVSS 5.4), affects WhatsApp for iOS (before v2.25.21.73), WhatsApp Business for iOS (before v2.25.21.78), and WhatsApp for Mac (before v2.25.21.78).

According to Meta’s advisory, the flaw stems from insufficient authorization of linked device synchronization messages. The company notes: the issue “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

Researchers believe this weakness was chained with CVE-2025-43300, an Apple Image I/O framework zero-day, to deliver a sophisticated spyware campaign. Amnesty International’s Donncha Ó Cearbhaill confirmed that WhatsApp has notified an unspecified number of individuals that they believe were targeted by an advanced spyware campaign in the past 90 days using CVE-2025-55177.

He further warned that the exploit was a zero-click attack, meaning victims were compromised without any interaction, and that “government spyware continues to pose a threat to journalists and human rights defenders.”

Given the active exploitation, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply patches and mitigations for both vulnerabilities by September 23, 2025.

For enterprise and consumer users alike:

• TP-Link owners should update firmware immediately or segment vulnerable devices.
• WhatsApp users should ensure their apps are upgraded to the latest versions on iOS and macOS.

Related Posts:

• Apple chip manufacturer TSMC factories infect virus, several factories go offline
• An oil factory in Saudi Arabia was damaged by malicious software
• Trend Micro Fortifies AI Security: Integrates NVIDIA Agentic AI Safety for End-to-End Protection

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy