Particle.news

CISA Adds TP‑Link Extender and WhatsApp Flaws to KEV, Orders Federal Fixes by Sept. 23

The move triggers a September 23 federal remediation deadline under CISA’s binding directive.

Overview

  • CISA added CVE-2020-24363 (TP‑Link TL‑WA855RE) and CVE-2025-55177 (WhatsApp) to the Known Exploited Vulnerabilities list after confirming in-the-wild use.
  • The TP‑Link flaw lets an unauthenticated, network‑adjacent attacker trigger a factory reset and set a new admin password on the extender.
  • Because the affected extender is end‑of‑life, users are urged to replace the hardware rather than expect further fixes.
  • WhatsApp says fewer than 200 users received threat notifications tied to a highly targeted spyware campaign that chained its bug with Apple’s zero‑click CVE-2025-43300.
  • Federal civilian agencies must remediate by September 23 under BOD 22‑01, while CISA has not disclosed exploit methods, attribution, or scale.