The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a WhatsApp flaw and a TP-Link vulnerability to its list of Known Exploited Vulnerabilities. Federal agencies are now required to patch these issues by September 23, 2025.
TP-Link Flaw
The vulnerability, CVE-2020-24363, is a missing authentication flaw in the TP-Link TL-WA855RE Wi-Fi extender. An attacker on the same network can exploit this to perform a factory reset and change the admin password. The product has reached its end of life, so no further patches are expected. CISA advises that users replace the device entirely.
WhatsApp Flaw
The WhatsApp vulnerability, CVE-2025-55177, is a zero-click flaw that was exploited in a spyware campaign against civil society members on both iOS and Android. The attack allowed a malicious message to compromise a user's device without any interaction from the victim. Researchers at Amnesty International found that the exploit targeted an authorization bypass issue on iOS and macOS, forcing content from a malicious URL to be rendered. WhatsApp has since patched the flaw. The company has sent notifications to users believed to have been targeted and is urging them to update their app and enable enhanced security measures.