Cisco Talos Discovers Multiple Vulnerabilities in Consumer Products
A recent report by Cisco Talos details several vulnerabilities discovered in products from HikVision, TP-Link, and Canva. These vulnerabilities have been addressed through patches released by the respective vendors, in accordance with Cisco’s third-party vulnerability disclosure policy.
The vulnerabilities affecting Canva Affinity include 19 specific issues, primarily revolving around the out-of-bounds read vulnerabilities linked to the Enhanced Metafile (EMF) functionality. Exploitation of these vulnerabilities involves using a specially crafted EMF file, which could potentially facilitate the unauthorized disclosure of sensitive information. Notably, one of the vulnerabilities—CVE-2025-66342—represents a type confusion issue also tied to EMF processing, which could lead to memory corruption and arbitrary code execution.
In the case of TP-Link, ten vulnerabilities were identified within the Archer AX53 dual-band gigabit Wi-Fi router. A prominent one—CVE-2025-62673—is a stack-based buffer overflow stemming from the tdpServer SSH port update functionality. Exploitation could occur via the transmission of specially crafted network packets. Additionally, CVE-2025-62501 outlines a misconfiguration vulnerability that could allow for credential leaks during a man-in-the-middle attack, triggered through crafted requests to the SSH Hostkey functionality.
HikVision’s product vulnerabilities include a critical stack-based buffer overflow located in the XML parsing functionality of specific face recognition terminals. Identified as CVE-2025-66176, this issue could allow attackers to execute remote code by sending malicious payloads over the network.
Defensive Context
Organizations using the affected products should prioritize attention, particularly those in sectors utilizing technology for user authentication and data processing. The vulnerabilities pose a significant risk, especially to systems exposed to untrusted networks or user-generated content that could exploit the identified weaknesses.
Why This Matters
These issues are particularly relevant for businesses relying on consumer-grade networking devices and software applications for creative or security purposes. Their prevalence in products with widespread deployment increases the potential impact on sensitive user data and overall system security.
Defender Considerations
Specific actions based on the findings include monitoring for suspicious network traffic that may indicate exploitation attempts, especially in environments where the listed products are in use. Keeping abreast of the latest patches provided by the vendors is crucial to mitigate these vulnerabilities.
Indicators of Compromise (IOCs)
The relevant CVE identifiers are:
– Canva Affinity: CVE-2025-66342
– TP-Link Archer AX53: CVE-2025-62673, CVE-2025-62501
– HikVision: CVE-2025-66176
