CVE-2025-58455
Published: 03 February 2026
Summary
CVE-2025-58455 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Tp-Link Archer Ax53 Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 10.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation through firmware updates to eliminate the heap buffer overflow vulnerability in the tmpserver module.
Enforces validation of network packet lengths to prevent heap buffer overflows from specially crafted oversized inputs.
Provides runtime memory protections such as non-executable heaps to mitigate arbitrary code execution from heap-based buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in network service (tmpserver) allows authenticated adjacent attackers to achieve RCE or DoS, directly mapping to remote service exploitation and privilege escalation on the device.
NVD Description
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects…
more
Archer AX53 v1.0: through 1.3.1 Build 20241120.
Deeper analysisAI
CVE-2025-58455 is a heap-based buffer overflow vulnerability (CWE-122) in the tmpserver modules of the TP-Link Archer AX53 v1.0 router firmware. It affects versions through 1.3.1 Build 20241120 and has a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw arises when processing a specially crafted network packet whose length exceeds the maximum expected value, leading to improper bounds checking.
Authenticated attackers on the adjacent network (AV:A, PR:L) can exploit this vulnerability by sending the malicious packet to the affected device. Successful exploitation may cause a segmentation fault, resulting in a denial of service, or potentially allow arbitrary code execution with high confidentiality, integrity, and availability impacts.
Mitigation is available through firmware updates from TP-Link, as referenced in their support pages for the Archer AX53 v1.0, including download links for various regions and a relevant FAQ. Detailed analysis is provided in the Talos Intelligence vulnerability report TALOS-2025-2289. Security practitioners should verify and apply the latest firmware to vulnerable devices.
Details
- CWE(s)