CISA Adds Actively Exploited TP-Link Router Vulnerabilities to KEV Catalog

On September 25, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws affecting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. The vulnerabilities include CVE-2023-50224, an authentication bypass via spoofing with a CVSS score of 6.5, and CVE-2025-9377. The inclusion in the KEV catalog underscores the urgency for users to address these vulnerabilities due to their active exploitation. TP-Link routers are widely deployed in both consumer and enterprise environments, making these vulnerabilities particularly concerning. An authentication bypass vulnerability can allow attackers to gain unauthorized access to the router, potentially leading to further network compromise. The active exploitation of these vulnerabilities highlights the importance of timely patching and robust network security measures. Organizations using TP-Link routers should prioritize applying available patches, implementing network segmentation, and monitoring for signs of exploitation. The broader cybersecurity landscape is impacted by such vulnerabilities as they expand the attack surface and introduce supply chain risks. Effective patch management and proactive security measures are critical to mitigating these threats.