(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – September 4, 2025
Created: Thursday, September 4, 2025 - 13:57
Categories: Cybersecurity, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Sangoma FreePBX Authentication Bypass Vulnerability
CVSS Score: 10.0
CVE: CVE-2025-57819
Description: FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. CISA has added this vulnerability to its KEV catalog.
Source: https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
CVSS Score: 8.6
CVE: CVE-2025-9377
Description: An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2 firmware before 241108 and TL-WR841N/ND(MS) V9 firmware before 241108. Both products have reached end-of-life (EOL) status. Purchasing a newer product is recommended to ensure better performance and security. If replacement is not an option in the short term, use the second reference link to download and install the patch(es). CISA has added this vulnerability to its KEV catalog.
Source: https://www.tp-link.com/us/support/faq/4365/
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
CVSS Score: 6.5
CVE: CVE-2023-50224
Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. CISA has added this vulnerability to its KEV catalog.
Source: https://www.tp-link.com/us/support/faq/4365/
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
CVSS Score: N/A
CVE: CVE-2020-24363
Description: TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. CISA has added this vulnerability to its KEV catalog.
Source: https://www.tp-link.com/us/support/download/tl-wa855re/#Firmware
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
CVSS Score: 5.4
CVE: CVE-2025-55177
Description: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. CISA has added this vulnerability to its KEV catalog.
Source: https://www.facebook.com/security/advisories/cve-2025-55177