CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to patch risks before exploitation spreads.
The Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue. The catalogue lists flaws for which CISA has evidence of active exploitation in the wild, not merely a published proof of concept.
High-Severity Flaw in TP-Link Extender
First on the list is a high-severity flaw in the TP-Link TL-WA855RE Wi-Fi Range Extender. Tracked as CVE-2020-24363, it carries a CVSS score of 8.8 out of 10. The weakness is missing authentication for a critical function: an attacker on the same network can trigger a factory reset of the device without any credentials and then set a new administrator password, gaining full control of the extender.
Cybersecurity firm MalwareForensics stated that a fix was issued, but the model has reached its end-of-life status. The manufacturer no longer provides firmware updates or support, so any further flaws discovered in the device will remain unpatched. Users of this range extender are advised to replace it with a currently supported model to keep their network secure.
WhatsApp Targeted by Spyware
A second, less severe but still concerning vulnerability affects WhatsApp. Tracked as CVE-2025-55177 with a CVSS score of 5.4, it was reportedly used in a highly targeted spyware campaign. The flaw is incomplete authorisation of linked-device synchronisation messages, which could allow an unrelated user to trigger processing of content from an arbitrary URL on a target's device.
The attackers chained this vulnerability with a separate flaw in Apple's ImageIO image-parsing framework, an out-of-bounds write affecting iOS, iPadOS and macOS and identified as CVE-2025-43300, as reported by Hackread.com on August 31, 2025.
The vulnerability affected WhatsApp for iOS before version 2.25.21.73, WhatsApp Business for iOS before version 2.25.21.78, and WhatsApp for Mac before version 2.25.21.78. WhatsApp said it sent in-app warnings to fewer than 200 users who may have been specifically targeted by the campaign.
What To Do
These vulnerabilities are considered a serious risk to the public and private sectors. While the KEV catalogue is primarily a guide for US federal agencies, CISA urges all organisations, and individual users, to treat it as a prioritisation list for patching. Binding Operational Directive (BOD) 22-01 requires federal civilian agencies to remediate every catalogued vulnerability by the due date CISA assigns to the entry, which for newly added CVEs is typically three weeks after the date added.
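As an added example (not part of the original article, and not CISA or WhatsApp tooling), the Python script below shows what "prioritise and fix" looks like in practice: it matches a constructed asset inventory against a JSON excerpt shaped like the KEV feed and decides, per asset, whether it is patched, still vulnerable, of unknown status, or must be replaced because no fix will ever ship. The KEV excerpt, the inventory, the "Meta"/"WhatsApp" vendor labelling, the loose product-name match and the fixed-version table are assumptions built from the versions quoted above; the feed URL in the comment is CISA's real one, but nothing here is fetched from it.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt shaped like CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the feed; values are illustrative stand-ins for the two
# entries discussed in the article, not copied from the live catalogue.
KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2020-24363", "vendorProject": "TP-Link", "product": "TL-WA855RE",
     "vulnerabilityName": "TP-Link TL-WA855RE Missing Authentication Vulnerability",
     "dateAdded": "2025-09-02", "shortDescription": "Missing authentication for a critical function.",
     "requiredAction": "Apply mitigations or discontinue use of the product.",
     "dueDate": "2025-09-23", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2025-55177", "vendorProject": "Meta", "product": "WhatsApp",
     "vulnerabilityName": "Meta WhatsApp Incorrect Authorization Vulnerability",
     "dateAdded": "2025-09-02", "shortDescription": "Incomplete authorization of linked device sync messages.",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-09-23", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}"""

# Fixed versions from the article. KEV entries carry no version data, so this table
# is kept locally, keyed by CVE and lower-cased product name (an assumption of this
# example). None means no fix will ever ship (the extender is end-of-life): replace it.
FIXED_VERSIONS = {
    "CVE-2025-55177": {
        "whatsapp for ios": "2.25.21.73",
        "whatsapp business for ios": "2.25.21.78",
        "whatsapp for mac": "2.25.21.78",
    },
    "CVE-2020-24363": {"tl-wa855re": None},
}

@dataclass(frozen=True)
class Asset:
    owner: str
    vendor: str
    product: str
    version: Optional[str]  # None when the inventory does not record one

@dataclass(frozen=True)
class Finding:
    owner: str
    product: str
    version: Optional[str]
    cve: str
    status: str    # vulnerable | replace | unknown-version | review | patched
    due_date: str  # BOD 22-01 remediation deadline taken from the KEV entry

# Constructed inventory; versions are dotted integers as the app stores report them.
INVENTORY = [
    Asset("alice", "Meta", "WhatsApp for iOS", "2.25.20.76"),
    Asset("bob", "Meta", "WhatsApp for iOS", "2.25.21.73"),
    Asset("carol", "Meta", "WhatsApp Business for iOS", "2.25.21.78"),
    Asset("dave", "Meta", "WhatsApp for Mac", "2.25.21.9"),
    Asset("erin", "Meta", "WhatsApp for Android", None),
    Asset("home-office-3", "TP-Link", "TL-WA855RE", "5.0"),
    Asset("fileserver", "Microsoft", "Windows Server", "2022"),
]

_PRIORITY = {"vulnerable": 0, "replace": 0, "unknown-version": 1, "review": 2, "patched": 3}

def parse_version(v: str) -> tuple:
    """'2.25.21.9' -> (2, 25, 21, 9). Compare tuples, never strings: as strings
    '2.25.21.9' > '2.25.21.78', which would wrongly mark dave's Mac as patched."""
    return tuple(int(part) for part in v.split("."))

def load_kev(text: str) -> list:
    return json.loads(text)["vulnerabilities"]

def _matches(asset: Asset, entry: dict) -> bool:
    # Loose match: same vendor, and the asset's product name starts with the KEV
    # product, so 'WhatsApp for iOS' and 'WhatsApp Business for iOS' both hit 'WhatsApp'.
    return (asset.vendor.lower() == entry["vendorProject"].lower()
            and asset.product.lower().startswith(entry["product"].lower()))

def classify(asset: Asset, entry: dict, fixed=FIXED_VERSIONS) -> str:
    per_product = fixed.get(entry["cveID"], {})
    key = asset.product.lower()
    if key not in per_product:
        return "review"          # KEV hit, but no fixed-version data for this build
    fix = per_product[key]
    if fix is None:
        return "replace"         # end-of-life device, no patch exists
    if asset.version is None:
        return "unknown-version"
    return "vulnerable" if parse_version(asset.version) < parse_version(fix) else "patched"

def assess(assets: List[Asset], kev_entries: list) -> List[Finding]:
    findings = [
        Finding(a.owner, a.product, a.version, e["cveID"], classify(a, e), e["dueDate"])
        for a in assets for e in kev_entries if _matches(a, e)
    ]
    # Actionable items first, then by the KEV due date, then by owner.
    return sorted(findings, key=lambda f: (_PRIORITY[f.status], f.due_date, f.owner))

if __name__ == "__main__":
    for f in assess(INVENTORY, load_kev(KEV_JSON)):
        print(f"{f.status:15} {f.cve}  due {f.due_date}  {f.owner}: {f.product} {f.version}")
```

Two details carry the weight here. First, the KEV feed tells you what is exploited and when it is due, but not which build is fixed, so the fixed-version table has to come from the vendor advisory and be maintained alongside the feed. Second, an end-of-life device produces a "replace" finding rather than a version comparison: no future firmware will close the hole, so the only remediation BOD 22-01 leaves is discontinuing use of the product.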
The inclusion of these flaws in the CISA catalogue prompted reactions from cybersecurity experts, highlighting the broader implications for both businesses and individuals.
Randolph Barr, Chief Information Security Officer at Cequence Security, points out that the TP-Link issue is often tied to home workers. He states that employees “turn to consumer extenders as a cheap and easy way to fix Wi-Fi dead zones,” but these devices often have weak security and are rarely updated. For him, the vulnerability on the KEV list is a reminder that “unmanaged consumer gear can quietly extend your attack surface if not addressed.”