CVE-2025-62404
Published: 03 February 2026
Summary
CVE-2025-62404 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in TP-Link Archer AX53 firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at percentile 1.2 by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the vulnerability by identifying, testing, and deploying the vendor firmware update that corrects the improper bounds checking in tmpserver packet processing.
- Requires validation of network packet lengths at input points to enforce bounds checking and prevent heap buffer overflows from oversized crafted packets.
- Implements memory protections like non-executable heap and randomization to block arbitrary code execution even if a buffer overflow occurs.
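The length validation described in the second control, sketched in C as an added example (not TP-Link's code). The page does not describe the tmpserver wire format, so the frame layout, `MAX_PAYLOAD`, and `parse_frame` are hypothetical:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed frame: 2-byte big-endian payload length, then the payload.
 * Hypothetical layout for illustration, not the tmpserver wire format. */
#define HDR_LEN     2u
#define MAX_PAYLOAD 512u /* assumed maximum expected payload length */

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_NOMEM };

/* Validate the sender-controlled length field before any allocation or
 * copy: first against the protocol maximum, then against the number of
 * bytes actually received. On success *out owns a heap copy of the payload. */
enum parse_status parse_frame(const uint8_t *buf, size_t received,
                              uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (received < HDR_LEN)
        return PARSE_TRUNCATED;              /* header itself incomplete */

    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared > MAX_PAYLOAD)
        return PARSE_TOO_LONG;               /* exceeds maximum expected value */
    if (declared > received - HDR_LEN)
        return PARSE_TRUNCATED;              /* claims more than was sent */

    uint8_t *copy = malloc(declared ? declared : 1);
    if (copy == NULL)
        return PARSE_NOMEM;
    memcpy(copy, buf + HDR_LEN, declared);   /* bounded by both checks above */
    *out = copy;
    *out_len = declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample frames. */
    const uint8_t ok[]  = { 0x00, 0x03, 'a', 'b', 'c' };
    const uint8_t big[] = { 0xFF, 0xFF, 'A' };   /* declares 65535 bytes */
    uint8_t *p; size_t n;
    printf("ok:  status=%d\n", parse_frame(ok, sizeof ok, &p, &n));
    free(p);
    printf("big: status=%d\n", parse_frame(big, sizeof big, &p, &n));
    return 0;
}
```

Rejecting the frame before `malloc` and `memcpy` means an oversized length field never reaches heap memory, and the separate truncation check stops the copy from reading past the received bytes.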
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in router service enables remote exploitation of the device for code execution (T1210) and privilege escalation from low-priv authenticated access (T1068).
NVD Description
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Deeper analysis
CVE-2025-62404 is a heap-based buffer overflow vulnerability (CWE-122) in the tmpserver modules of the TP-Link Archer AX53 v1.0 router firmware. It affects versions through 1.3.1 Build 20241120. The flaw is triggered when the module processes a specially crafted network packet whose length exceeds the maximum expected value: because bounds checking is improper, the oversized data overflows heap memory.
Authenticated attackers on the adjacent network (AV:A) with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) for a CVSS v3.1 base score of 8.0. Successful exploitation may cause a segmentation fault, denying service, or potentially allow arbitrary code execution in the context of the affected module.
Mitigation details are available in advisories from Talos Intelligence, including the specific report TALOS-2025-2287, and TP-Link support resources. Firmware updates addressing the issue can be downloaded from TP-Link's regional support pages for the Archer AX53 v1.0, such as those for the US and Malaysia sites, along with relevant FAQs.
Details
- CWE(s)