CISA has added critical vulnerabilities in WhatsApp and TP-link devices to its Known Exploited Vulnerabilities catalog, highlighting recent cyber threats. These vulnerabilities pose risks to both individual users and federal agencies if not addressed promptly. #CISA #TPLinkVulnerabilities #WhatsAppExploits
Keypoints
- CVE-2020-24363 is a missing authentication flaw in TP-Link TL-WA855RE devices, allowing unauthorized resets.
- CVE-2025-55177 is an authorization bypass affecting WhatsApp on iOS and macOS, exploited in zero-click attacks.
- WhatsApp users are advised to update their app and enable security features after targeted spyware campaigns.
- The exploited vulnerabilities include issues patched by Apple and WhatsApp but still pose residual risks.
- CISA directs federal agencies to address these vulnerabilities by September 23, 2025, to mitigate potential attacks.