CVE-2025-59482

High

Published: 03 February 2026

Published

03 February 2026

Modified

16 March 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0003 10.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59482 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Tp-Link Archer Ax53 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 10.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the heap-based buffer overflow flaw in the tmpserver module via firmware updates, directly eliminating the vulnerability.

SI-10 Information Input Validation good match

prevent

Mandates validation of network packet fields, including length checks, to block specially crafted packets exceeding maximum expected values.

SI-16 Memory Protection partial match

prevent

Provides memory protections such as address space layout randomization or non-executable heaps to mitigate exploitation of the buffer overflow for arbitrary code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Heap buffer overflow in network service (tmpserver) directly enables remote exploitation of the service for code execution (T1210) and subsequent privilege escalation on the device (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected…

value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Deeper analysisAI

CVE-2025-59482 is a heap-based buffer overflow vulnerability (CWE-122) in the tmpserver modules of the TP-Link Archer AX53 v1.0 router. The flaw occurs when processing a specially crafted network packet containing a field whose length exceeds the maximum expected value, affecting versions through 1.3.1 Build 20241120. Published on 2026-02-03, it carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Authenticated adjacent attackers can exploit this vulnerability by sending the malicious packet, potentially causing a segmentation fault or executing arbitrary code. The adjacent network access vector (AV:A) and low privileges required (PR:L) combined with low attack complexity (AC:L) and no user interaction (UI:N) make it feasible for nearby authenticated users, such as those on the local Wi-Fi network with valid credentials.

Advisories from Talos Intelligence, including TALOS-2025-2283, detail the vulnerability, while TP-Link provides firmware downloads for Archer AX53 v1.0 on regional support sites (e.g., US, MY, and global). Practitioners should recommend immediate firmware updates to mitigate the issue, as patched versions address the buffer overflow in tmpserver.

Details

CWE(s): CWE-122

Affected Products

tp-link

archer ax53 firmware

1.0

CVEs Like This One

CVE-2025-59487Same product: Tp-Link Archer Ax53

CVE-2025-58077Same product: Tp-Link Archer Ax53

CVE-2025-62405Same product: Tp-Link Archer Ax53

CVE-2025-58455Same product: Tp-Link Archer Ax53

CVE-2025-62404Same product: Tp-Link Archer Ax53

CVE-2025-61983Same product: Tp-Link Archer Ax53

CVE-2025-62673Same product: Tp-Link Archer Ax53

CVE-2025-61944Same product: Tp-Link Archer Ax53

CVE-2026-30815Same product: Tp-Link Archer Ax53

CVE-2026-30814Same product: Tp-Link Archer Ax53

References

https://talosintelligence.com/vulnerability_reports/
Third Party Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/us/support/faq/4943/
Vendor Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2283
af854a3a-2127-422b-91ae-364da2661108