The Department of Cyber Security and High-Tech Crime Prevention (Hanoi City Police) warns about CVE security vulnerabilities and old TP-Link router devices that could impact the systems of domestic agencies and organizations. Specifically:
1. Software security vulnerability in the email service
CVE-2025-59689: Command injection vulnerability in Libraesva Email Security Gateway
CVSS score: 6.1/10. Level: Medium.
Description: Hackers can exploit the vulnerability by injecting commands via an email with a specially crafted compressed attachment, allowing them to execute arbitrary commands as an unprivileged user. The cause is that the file scanning process did not properly handle the removal of executable code from some compressed archive formats.
Affected version: Libraesva ESG from version 4.5 to before 5.0.31.
Recommendation: Libraesva has released an emergency, automatic patch for all customers using ESG 5.x (no additional operations required). Users of version 4.x need to update manually according to the instructions at: https://docs.libraesva.com/document/migration/libraesva-esg-4-x-to-5-x-migration-guide
PoC review: There is currently no public exploitation code (PoC).
2. Software security vulnerability in the browser
CVE-2025-11152: Integer overflow causing sandbox escape in Firefox
CVSS score: 8.6/10. Level: High.
Description: An integer overflow in the Graphics: Canvas2D component can allow attackers to escape the sandbox, access sensitive data from memory, or execute malware.
Affected version: Firefox 143.0.3 or later.
Recommendation: Mozilla has fixed it in version 143.0.3. Users should upgrade to this version or later to minimize risks. The fix has also been integrated into Linux distributions such as Ubuntu and Debian. For details, see: https://www.mozilla.org/en-US/security/advisories/mfsa2025-80
3. Vulnerabilities in old TP-Link router devices
Many old TP-Link router models in use at agencies and units no longer receive firmware updates or have reached End-of-Life/End-of-Service, such as: TP-Link TL-WR740N, TL-WR841N, TL-WR940N, Archer C50, Archer C20, TL-WR1043ND, TL-MR3420...
These devices have many serious vulnerabilities and will never be patched, becoming a popular attack target.
Common flaws include: Command Injection, Buffer Overflow, Authentication Bypass, and remote code execution (RCE).
Hackers can: take remote control of the device; steal login information and network data; redirect users to phishing sites; build botnets for DDoS attacks; spread malware in internal networks.
Proposed remediation
For TP-Link router devices that are no longer supported, the vulnerabilities cannot be patched through software updates; more drastic measures are required:
Review and inventory the devices: Make a list of all routers in use in the agency or unit; clearly record the model and firmware version.
Look up the support status: Check the official TP-Link website to determine the EoL/EoS status.
Replace the device: It is mandatory to replace the old router with a new device that receives regular security updates.
Strengthen network security:
Network segmentation: Isolate important systems to limit spread.
Firewall: Configure it tightly, allowing only necessary connections.
Intrusion detection/prevention system (IDS/IPS): Monitor traffic and warn of unusual behavior.
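The inventory review described in the steps above, combined with the Libraesva ESG version range from section 1, can be checked with a script. The following Python code is an added example, not part of the original advisory; the CSV column names, host names and firmware versions are constructed, and the model list contains only the models the advisory names.

```python
import csv, io, re

# Models the advisory names as EoL/EoS (its list ends in "...", so it is not exhaustive).
EOL_MODELS = {"TL-WR740N", "TL-WR841N", "TL-WR940N", "ARCHER C50",
              "ARCHER C20", "TL-WR1043ND", "TL-MR3420"}

# Constructed sample inventory; the column names are an assumption.
SAMPLE_INVENTORY = """host,product,version
gw-floor1,TP-Link TL-WR841N v9.2,3.16.9
gw-floor2,Archer_C50(EU),1.0.2
gw-core,TP-Link Archer AX55,1.3.1
mail-gw1,Libraesva ESG,4.7
mail-gw2,Libraesva ESG,5.0.31
"""

def normalize_model(raw):
    """Strip vendor name, region suffix and hardware revision from a model string."""
    s = re.sub(r"\bTP[- ]?LINK\b", " ", raw.upper())
    s = re.sub(r"\(.*?\)", " ", s)                           # e.g. "(EU)"
    s = re.sub(r"\b(?:VER|V)\.?\s*\d+(?:\.\d+)*\b", " ", s)  # e.g. "V9.2"
    return re.sub(r"[_\s]+", " ", s).strip()

def parse_version(text):
    """Turn '5.0.31' into (5, 0, 31) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def esg_affected(version):
    """Advisory range for CVE-2025-59689: from 4.5 to before 5.0.31."""
    return (4, 5) <= parse_version(version) < (5, 0, 31)

def audit(csv_text):
    """Return (host, issue, action) for every inventory row that needs work."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "libraesva" in row["product"].lower():
            if esg_affected(row["version"]):
                manual = parse_version(row["version"]) < (5,)
                action = "manual migration 4.x -> 5.x" if manual else "confirm automatic patch"
                findings.append((row["host"], "CVE-2025-59689", action))
        elif normalize_model(row["product"]) in EOL_MODELS:
            findings.append((row["host"], "EoL router", "replace device"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep=" | ")
```

A model that is absent from `EOL_MODELS` is not thereby confirmed as supported; its status still has to be looked up on the vendor's site as the second step says.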
The Department of Cyber Security and High-Tech Crime Prevention, Hanoi City Police, recommends that agencies, businesses, organizations and individuals seriously implement the above instructions to promptly detect and remediate risks, prevent cyber attacks, and ensure information security in their systems.