CVE-2025-61944

High

Published: 03 February 2026

Published

03 February 2026

Modified

16 March 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0003 10.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-61944 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Tp-Link Archer Ax53 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the heap-based buffer overflow by applying vendor-provided firmware updates to the affected TP-Link Archer AX53 router.

SI-10 Information Input Validation good match

prevent

Requires validation of incoming network packets to reject those with excessive numbers of zero-length fields, preventing the buffer overflow in tmpserver modules.

SI-16 Memory Protection partial match

prevent

Implements heap memory protections such as bounds checking and safe unlinking to mitigate exploitation of the buffer overflow even if invalid packets are processed.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Heap buffer overflow in router network service (tmpserver) directly enables remote exploitation for code execution or DoS via crafted packets.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This…

issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Deeper analysisAI

CVE-2025-61944 is a heap-based buffer overflow vulnerability (CWE-122) in the tmpserver modules of the TP-Link Archer AX53 v1.0 router. It affects versions through 1.3.1 Build 20241120 and has a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw arises when processing a specially crafted network packet containing an excessive number of fields with zero-length values, leading to potential memory corruption.

Authenticated attackers on the adjacent network (AV:A) with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation may cause a segmentation fault, resulting in a denial of service, or potentially allow arbitrary code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Mitigation details are available in vendor advisories and reports. TP-Link provides updated firmware for the Archer AX53 v1.0 on regional support download pages, such as those for the US and Malaysia. Talos Intelligence's vulnerability report TALOS-2025-2288 offers technical analysis, and a related FAQ on TP-Link's site addresses firmware updates. Security practitioners should apply the latest firmware to vulnerable devices.

Details

CWE(s): CWE-122

Affected Products

tp-link

archer ax53 firmware

1.0

CVEs Like This One

CVE-2025-61983Same product: Tp-Link Archer Ax53

CVE-2025-62673Same product: Tp-Link Archer Ax53

CVE-2025-59487Same product: Tp-Link Archer Ax53

CVE-2025-58077Same product: Tp-Link Archer Ax53

CVE-2025-59482Same product: Tp-Link Archer Ax53

CVE-2025-62405Same product: Tp-Link Archer Ax53

CVE-2025-58455Same product: Tp-Link Archer Ax53

CVE-2025-62404Same product: Tp-Link Archer Ax53

CVE-2026-30814Same product: Tp-Link Archer Ax53

CVE-2025-15608Same product: Tp-Link Archer Ax53

References

https://talosintelligence.com/vulnerability_reports/
Third Party Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/us/support/faq/4943/
Vendor Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2288
af854a3a-2127-422b-91ae-364da2661108