Critical Cybersecurity Alert: WhatsApp and TP-Link Vulnerabilities Now in CISA’s High-Risk Catalog

Listen to this Post

Featured Image
In a significant move to bolster U.S. cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in WhatsApp and TP-Link devices to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities pose serious threats, potentially allowing attackers to hijack devices, bypass security measures, and compromise sensitive data without any user interaction. Federal agencies are now required to address these flaws immediately, while private organizations are strongly urged to take preventive action.

Overview of the Vulnerabilities

CISA’s KEV update highlights two major threats:

TP-Link TL-WA855RE Wi-Fi Extender (CVE-2020-24363, CVSS 8.8)

The TP-Link TL-WA855RE suffers from a missing authentication flaw. Attackers on the same network could exploit this vulnerability to factory reset the device and assign a new administrator password. While the flaw was patched in firmware TL-WA855RE(EU)_V5_200731, the device has reached End-of-Life (EoL), meaning no further updates are expected. Users are strongly advised to replace the device to avoid potential compromise.

WhatsApp Zero-Click Exploit (CVE-2025-55177)

A new, highly sophisticated zero-click exploit targeted WhatsApp users on iOS and macOS, allowing attackers to compromise devices without any interaction from the victim. AmnestyTech’s Donncha Ó Cearbhaill reported that this exploit was likely part of a larger, well-resourced spyware campaign, possibly linked to state-sponsored actors. WhatsApp has issued notifications to users believed to be targeted and confirmed that the flaw has been patched.

The vulnerability exploited an authorization bypass, forcing “content from arbitrary URL” to render on the device, compromising both personal data and device integrity. Apple’s recent CVE-2025-43300 patch addressed another component of this attack. Both iPhone and Android users, including civil society members, were affected.

Federal guidance under BOD 22-01 requires agencies to remediate these vulnerabilities by September 23, 2025, emphasizing the urgency of mitigating risks in both public and private networks.

What Undercode Say:

The inclusion of WhatsApp and TP-Link vulnerabilities in CISA’s KEV catalog underscores a growing trend in cybersecurity: the weaponization of zero-click exploits and legacy device vulnerabilities. The TP-Link flaw exemplifies a common lifecycle risk—devices reaching EoL are inherently insecure, and patching alone is insufficient; replacement is the safest course. Organizations often underestimate these risks, but attackers frequently target older, unpatched devices to gain footholds in networks.

The WhatsApp zero-click attack is especially alarming because it bypasses traditional security hygiene measures. No phishing links, downloads, or interactions are required, making detection incredibly difficult. This type of exploit signals a shift toward more automated, invisible attacks, likely leveraged by sophisticated actors including state-sponsored groups. Companies and individuals must adopt proactive security strategies: regular updates, device audits, endpoint monitoring, and user awareness campaigns.

The broader implication is clear: vulnerabilities in widely used applications and consumer-grade devices can quickly evolve into high-risk national security issues. Federal agencies must not only comply with directives but also anticipate attackers’ next moves. For private sectors, the KEV catalog is a roadmap of urgent priorities; ignoring it could lead to severe operational, financial, and reputational damage.

Mitigation must combine patching, monitoring, and strategic device replacement. Endpoint security tools that detect anomalous device behavior can help, but user vigilance remains crucial. Awareness campaigns tailored to zero-click exploit risks could reduce impact, particularly in high-value targets like journalists, activists, and corporate executives.

Finally, the pace of exploit development emphasizes the need for real-time threat intelligence sharing. Organizations cannot wait for a vulnerability to be publicly exploited; preemptive measures informed by credible intelligence are now essential to maintain cyber resilience.

🔍 Fact Checker Results

✅ CVE-2020-24363 and CVE-2025-55177 are confirmed and added to CISA’s KEV catalog.
✅ WhatsApp zero-click exploit affects iOS and macOS, targeting users without interaction.
✅ TP-Link TL-WA855RE is EoL; firmware update exists but no further patches will be issued.

📊 Prediction

Looking ahead, zero-click exploits will likely become more frequent and harder to detect, particularly in messaging platforms and IoT devices. Expect federal and private entities to accelerate proactive measures, including automatic patching policies, replacement of legacy hardware, and advanced behavioral monitoring. In the next 12–18 months, regulatory bodies may extend KEV-like mandates to private sectors, elevating compliance pressure. Organizations failing to act swiftly may face not only technical breaches but also financial penalties and reputational damage as the public becomes more aware of these invisible attack vectors.

If you want, I can also create a visual timeline showing WhatsApp zero-click attacks and TP-Link vulnerabilities to make this article more engaging for readers. Do you want me to do that?

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: securityaffairs.com
Extra Source Hub:
https://www.reddit.com/r/AskReddit
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon