Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy . For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website . Canva Affinity vulnerabilities Discovered by KPC of Cisco Talos. Canva Affinity is a free-to-use tool for pixel and vector art manipulation used in graphic and document design. Talos researchers found 19 vulnerabilities in Affinity. Eighteen of them are out-of-bounds read vulnerabilities in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit these vulnerabilities to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. TALOS-2025-2311 (CVE-2025-64776) TALOS-2025-2310 (CVE-2025-64301) TALOS-2025-2300 (CVE-2025-64733) TALOS-2025-2319 (CVE-2025-66042) TALOS-2025-2321 (CVE-2025-62403) TALOS-2025-2314 (CVE-2025-58427) TALOS-2025-2298 (CVE-2025-62500) TALOS-2025-2299 (CVE-2025-61979) TALOS-2025-2317 (CVE-2025-61952) TALOS-2025-2316 (CVE-2025-47873) TALOS-2025-2318 (CVE-2025-66503) TALOS-2025-2324 (CVE-2026-20726) TALOS-2025-2301 (CVE-2025-66000) TALOS-2025-2320 (CVE-2025-65119) TALOS-2025-2325 (CVE-2026-22882) TALOS-2025-2315 (CVE-2025-66617) TALOS-2025-2313 (CVE-2025-66633) TALOS-2025-2312 (CVE-2025-64735) The last vulnerability is TALOS-2025-2297 (CVE-2025-66342), a type confusion vulnerability in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. TP-Link vulnerabilities Discovered by Lilith >_> of Cisco Talos. The TP-Link Archer AX53 is a dual band gigabit Wi-Fi router. Talos researchers found 10 vulnerabilities in the router functionality. TALOS-2025-2290 (CVE-2025-62673) is a stack-based buffer overflow vulnerability in the tdpServer ssh port update functionality of Tp-Link AX53. A specially crafted network packet can lead to stack-based buffer overflow. These eight vulnerabilities exist in the tmpServer opcode of the AX53: TALOS-2025-2283 (CVE-2025-59482): Buffer overflow TALOS-2025-2284 (CVE-2025-62405): Stack-based buffer overflow TALOS-2025-2285 (CVE-2025-59487): Write-what-where TALOS-2025-2286 (CVE-2025-61983): Out-of-bounds write TALOS-2025-2287 (CVE-2025-62404): Stack-based buffer overflow TALOS-2025-2288 (CVE-2025-61944): Out-of-bounds write TALOS-2025-2289 (CVE-2025-58455): Stack-based buffer overflow TALOS-2025-2294 (CVE-2025-58077): Heap-based buffer overflow A specially crafted set of network packets can be sent to trigger these vulnerabilities, which can lead to arbitrary code execution. TALOS-2025-2291 (CVE-2025-62501) is a misconfiguration vulnerability in the SSH Hostkey functionality. A specially crafted man-in-the-middle attack can lead to credentials leak. HikVision buffer overflow vulnerability Discovered by a member of Cisco Talos. HikVision creates AI-trained machine perception for use in security surveillance and other monitoring hardware, including Ultra Face Recognition Terminals for authentication. Talos researchers found TALOS-2025-2281 (CVE-2025-66176), a stack-based buffer overflow vulnerability, in the SADP XML parsing functionality of Hangzhou Hikvision Digital Technology Co., Ltd. Ultra Face Recognition Terminal 3.7.60_250613 and Face Recognition Terminal for Turnstyle 3.7.0_240524 (under emulation). A specially crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.