Thursday, March 26, 2026 14:34

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Canva Affinity vulnerabilities

Discovered by KPC of Cisco Talos.

Canva Affinity is a free-to-use tool for pixel and vector art manipulation used in graphic and document design.

Talos researchers found 19 vulnerabilities in Affinity. Eighteen of them are out-of-bounds read vulnerabilities in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit these vulnerabilities to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

• TALOS-2025-2311 (CVE-2025-64776)
• TALOS-2025-2310 (CVE-2025-64301)
• TALOS-2025-2300 (CVE-2025-64733)
• TALOS-2025-2319 (CVE-2025-66042)
• TALOS-2025-2321 (CVE-2025-62403)
• TALOS-2025-2314 (CVE-2025-58427)
• TALOS-2025-2298 (CVE-2025-62500)
• TALOS-2025-2299 (CVE-2025-61979)
• TALOS-2025-2317 (CVE-2025-61952)
• TALOS-2025-2316 (CVE-2025-47873)
• TALOS-2025-2318 (CVE-2025-66503)
• TALOS-2025-2324 (CVE-2026-20726)
• TALOS-2025-2301 (CVE-2025-66000)
• TALOS-2025-2320 (CVE-2025-65119)
• TALOS-2025-2325 (CVE-2026-22882)
• TALOS-2025-2315 (CVE-2025-66617)
• TALOS-2025-2313 (CVE-2025-66633)
• TALOS-2025-2312 (CVE-2025-64735)

The last vulnerability is TALOS-2025-2297 (CVE-2025-66342), a type confusion vulnerability in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

TP-Link vulnerabilities

Discovered by Lilith >_> of Cisco Talos.

The TP-Link Archer AX53 is a dual band gigabit Wi-Fi router. Talos researchers found 10 vulnerabilities in the router functionality.

TALOS-2025-2290 (CVE-2025-62673) is a stack-based buffer overflow vulnerability in the tdpServer ssh port update functionality of Tp-Link AX53. A specially crafted network packet can lead to stack-based buffer overflow.

These eight vulnerabilities exist in the tmpServer opcode of the AX53:

• TALOS-2025-2283 (CVE-2025-59482): Buffer overflow
• TALOS-2025-2284 (CVE-2025-62405): Stack-based buffer overflow
• TALOS-2025-2285 (CVE-2025-59487): Write-what-where
• TALOS-2025-2286 (CVE-2025-61983): Out-of-bounds write
• TALOS-2025-2287 (CVE-2025-62404): Stack-based buffer overflow
• TALOS-2025-2288 (CVE-2025-61944): Out-of-bounds write
• TALOS-2025-2289 (CVE-2025-58455): Stack-based buffer overflow
• TALOS-2025-2294 (CVE-2025-58077): Heap-based buffer overflow

A specially crafted set of network packets can be sent to trigger these vulnerabilities, which can lead to arbitrary code execution.

TALOS-2025-2291 (CVE-2025-62501) is a misconfiguration vulnerability in the SSH Hostkey functionality. A specially crafted man-in-the-middle attack can lead to credentials leak.

HikVision buffer overflow vulnerability

Discovered by a member of Cisco Talos.

HikVision creates AI-trained machine perception for use in security surveillance and other monitoring hardware, including Ultra Face Recognition Terminals for authentication.

Talos researchers found TALOS-2025-2281 (CVE-2025-66176), a stack-based buffer overflow vulnerability, in the SADP XML parsing functionality of Hangzhou Hikvision Digital Technology Co., Ltd. Ultra Face Recognition Terminal 3.7.60_250613 and Face Recognition Terminal for Turnstyle 3.7.0_240524 (under emulation). A specially crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.