Router CVE Weekly Digest — Week of Dec 15, 2025

Published December 15, 2025 · RouterCVE Weekly Digest

10 CVEs: 2 Critical, 2 High, 2 Medium, 4 not yet scored

Affected Vendors This Week

  • TP-Link: 4 CVEs (2 High, 2 not yet scored)
  • ASUS: 3 CVEs (1 Critical, 2 not yet scored)
  • Cisco: 1 CVE (Critical)
  • Linksys: 1 CVE (Medium)
  • SonicWall: 1 CVE (Medium)

Critical Vulnerabilities Requiring Immediate Attention

Two critical vulnerabilities dominate this week's advisory. CVE-2025-20393 (CVSS 10.0) affects Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. This perfect-score vulnerability exists in the Spam Quarantine feature and allows unauthenticated remote attackers to execute arbitrary code. Organizations running these email security appliances should prioritize patching immediately.

Equally urgent: CVE-2025-59374 (CVSS 9.8) involves a supply chain compromise affecting ASUS Live Update clients. Certain builds were distributed with unauthorized modifications that could facilitate remote code execution or system compromise. ASUS users should verify their Live Update client version and check ASUS's official security advisories for the list of affected builds. Because the compromise sits in the update mechanism itself, do not rely on the installed Live Update client to remediate; obtain a clean installer directly from ASUS's official download site and confirm it matches the version the advisory names as fixed.

TP-Link WA850RE Extender Issues

TP-Link users face two high-severity vulnerabilities in the WA850RE range extender. CVE-2025-14737 (CVSS 8.0) is a command injection flaw in the httpd modules that allows an authenticated attacker on the adjacent network (the same Wi-Fi or LAN segment) to inject arbitrary commands. More concerning, CVE-2025-14738 (CVSS 7.5) lets an unauthenticated attacker download the device's configuration file, potentially exposing credentials and network settings. The two chain naturally: credentials recovered from the configuration file supply the authentication that CVE-2025-14737 requires, so the pair should be treated as an unauthenticated path to command execution on the extender. Both affect WA850RE V2 (build ≤160527) and V3 (build ≤160922); TP-Link build numbers are dates in YYMMDD form, so compare the build date shown in the web UI against those limits. Apply patches if TP-Link publishes them; if these older hardware revisions receive no fix, move the extender to an isolated segment or replace it.

Additionally, CVE-2025-14739 in the WR940N and WR941ND models is an uninitialized pointer vulnerability that can cause denial of service and potentially lead to code execution. It requires local access, so it ranks below the two WA850RE issues for remote exposure.

Other Notable Vulnerabilities

CVE-2025-29231 (CVSS 6.1) is a stored XSS vulnerability in Linksys E5600 firmware 1.1.0.26. The flaw allows attackers to inject malicious scripts through the page_save component; because the payload is stored, it runs in the browser of whoever next opens the affected admin page. Users should update to the latest firmware version.

CVE-2025-40602 (CVSS 6.6) affects SonicWall SMA1000 appliances, enabling local privilege escalation in the management console due to insufficient authorization checks.

CVE-2025-14553 exposes password hashes through the TP-Link Tapo app (iOS/Android) via an unauthenticated API response. An attacker on the same local network can retrieve the hashes and brute-force them offline, so Tapo devices should not share a segment with untrusted clients until the app and device firmware are updated.

Recommendation

Prioritize patching for the two critical CVEs this week. For TP-Link and ASUS devices, verify affected product versions and check vendor security pages for firmware updates. Organizations managing Cisco email security appliances should treat CVE-2025-20393 as a critical priority given its perfect CVSS score and unauthenticated remote exploitability. When triaging the remainder, order by attack vector first (network or adjacent before local) and by CVSS second; the unscored entries still need a version check so they are not forgotten once a score is assigned.
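The version check the TP-Link section asks for and the triage order in the recommendation above can be done in one pass over an inventory. The following is an added example written for this digest, not code from RouterCVE or from any vendor. The affected-version data is taken from the digest text; the device inventory is constructed, the hardware revision and build shown for the WR940N are assumptions, and the firmware string formats ("<version> Build <YYMMDD> Rel.<n>" for TP-Link, a dotted version for Linksys) are assumptions about what the devices' web UIs display.

```python
"""Match a device inventory against this week's advisories and order remediation.

Added example for this digest, not vendor or RouterCVE code. Affected-version
data comes from the digest; INVENTORY and the firmware string formats are
assumptions made for the example.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# TP-Link firmware strings carry a YYMMDD build date, e.g. "2.0.0 Build 160527 Rel.30493n"
# (format assumed for the example). The digest's "<=160527" limits refer to that field.
BUILD_RE = re.compile(r"Build\s+(\d{6})")


def tplink_build(firmware: str) -> Optional[int]:
    """Return the YYMMDD build number from a TP-Link firmware string, or None if absent."""
    m = BUILD_RE.search(firmware)
    return int(m.group(1)) if m else None


def build_at_most(limit: int) -> Callable[[str], bool]:
    """Predicate for the vendor's '<= build' style: affected if build date <= limit."""
    def check(firmware: str) -> bool:
        build = tplink_build(firmware)
        return build is not None and build <= limit
    return check


def version_equals(version: str) -> Callable[[str], bool]:
    """Predicate for advisories that name one exact firmware version."""
    return lambda firmware: firmware.strip() == version


def any_version(firmware: str) -> bool:
    """Predicate for advisories that list no version range (treat every build as affected)."""
    return True


@dataclass(frozen=True)
class Advisory:
    cve: str
    vendor: str
    model: str
    hw: Optional[str]                  # hardware revision, None = all revisions
    affected: Callable[[str], bool]    # firmware string -> affected?
    cvss: Optional[float]              # None = not yet scored
    remote: bool                       # network/adjacent attack vector (True) vs local (False)


# Version data as stated in the digest.
ADVISORIES = [
    Advisory("CVE-2025-14737", "TP-Link", "WA850RE", "V2", build_at_most(160527), 8.0, True),
    Advisory("CVE-2025-14737", "TP-Link", "WA850RE", "V3", build_at_most(160922), 8.0, True),
    Advisory("CVE-2025-14738", "TP-Link", "WA850RE", "V2", build_at_most(160527), 7.5, True),
    Advisory("CVE-2025-14738", "TP-Link", "WA850RE", "V3", build_at_most(160922), 7.5, True),
    Advisory("CVE-2025-14739", "TP-Link", "WR940N", None, any_version, None, False),
    Advisory("CVE-2025-14739", "TP-Link", "WR941ND", None, any_version, None, False),
    Advisory("CVE-2025-29231", "Linksys", "E5600", None, version_equals("1.1.0.26"), 6.1, True),
]


@dataclass(frozen=True)
class Device:
    name: str
    vendor: str
    model: str
    hw: str
    firmware: str


# Constructed inventory for the example; these are not real hosts.
INVENTORY = [
    Device("ext-lobby", "TP-Link", "WA850RE", "V2", "2.0.0 Build 160527 Rel.30493n"),
    Device("ext-lab", "TP-Link", "WA850RE", "V3", "3.0.0 Build 170712 Rel.58145n"),
    Device("rtr-branch", "TP-Link", "WR940N", "V4", "3.17.1 Build 150703 Rel.42218n"),
    Device("rtr-home", "Linksys", "E5600", "V1", "1.1.0.26"),
    Device("rtr-ok", "Linksys", "E5600", "V1", "1.1.0.27"),
]


def matches(adv: Advisory, dev: Device) -> bool:
    """True when the advisory's vendor/model/revision and version predicate all apply."""
    return (adv.vendor == dev.vendor and adv.model == dev.model
            and (adv.hw is None or adv.hw == dev.hw)
            and adv.affected(dev.firmware))


def find_exposures(inventory: List[Device],
                   advisories: List[Advisory] = ADVISORIES) -> List[Tuple[str, str, Optional[float]]]:
    """Return (device, CVE, CVSS) triples, highest remediation priority first.

    Ordering follows the digest's recommendation: remotely reachable issues before
    local ones, then descending CVSS; unscored entries stay on the list at the end.
    """
    hits = [(d.name, a.cve, a.cvss, a.remote)
            for d in inventory for a in advisories if matches(a, d)]
    hits.sort(key=lambda h: (not h[3], -h[2] if h[2] is not None else 1.0))
    return [(name, cve, cvss) for name, cve, cvss, _ in hits]


if __name__ == "__main__":
    for name, cve, cvss in find_exposures(INVENTORY):
        print(f"{name:12} {cve}  CVSS {cvss if cvss is not None else 'n/a'}")
```

Note that ext-lab, on a V3 build later than 160922, and rtr-ok, on a version other than 1.1.0.26, produce no findings, while the V2 extender at exactly build 160527 is flagged for both WA850RE CVEs because the vendor's limit is inclusive.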