CVE-2025-9377 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-29

Added to CISA KEV: 2025-09-03 5 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
CRITICAL: Replace EOL routers immediately as no patches will be provided
If replacement not possible, disable remote management and WAN access to admin interface
Monitor network traffic for unusual router behavior and botnet communication patterns
Change default credentials and enable strongest available authentication

CVE-2025-9377 - CVE Details & Analysis | SOCRadar Labs CVE Radar
Description CVE-2025-9377 is an authenticated remote command execution (RCE) vulnerability affecting the Parental Control page of TP-Link Archer C7 (EU) V2 and TL-WR841N/ND (MS) V9 routers. Successful exploitation allows an attacker to execute arbitrary commands remotely, gaining control over the affected device.
CVE-2025-9377 Detail - NVD
Description. The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 ...
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025 ...
CISA flags TP-Link flaws CVE-2023-50224 and CVE-2025-9377 as exploited, urging fixes by Sept 24, 2025.
CISA Warns: TP-Link Vulnerabilities Under Active Exploitation
CISA has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router that are currently being actively exploited.
TP-Link warns of botnet infecting routers and targeting Microsoft 365 ...
CVE-2025-50224 is a vulnerability that allows an attacker to steal passwords from the router and CVE-2025-9377 is a known Parental Control ...

🔴 CVE-2025-9377