CVE-2025-62405

High

Published: 03 February 2026

Published

03 February 2026

Modified

16 March 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 1.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-62405 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Tp-Link Archer Ax53 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces bounds checking and validation of network packet fields to prevent heap buffer overflows from oversized length values in tmpserver modules.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the specific flaw through application of vendor firmware patches addressing the improper bounds checking.

SI-16 Memory Protection partial match

prevent

Implements memory protections like heap isolation and non-executable regions to mitigate potential arbitrary code execution from heap overflows.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Heap buffer overflow in network service (tmpserver) enables remote exploitation of the router for code execution (T1210) from adjacent authenticated access, with potential privilege escalation to root/admin on the device (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected…

value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Deeper analysisAI

CVE-2025-62405 is a heap-based buffer overflow vulnerability (CWE-122) in the tmpserver modules of TP-Link Archer AX53 v1.0 routers. It affects versions through 1.3.1 Build 20241120. The flaw arises when processing a specially crafted network packet containing a field whose length exceeds the maximum expected value, leading to improper bounds checking.

Authenticated adjacent attackers can exploit this vulnerability with low complexity, requiring only low privileges and no user interaction. By sending the malicious packet over the local network, they can trigger a segmentation fault or potentially achieve arbitrary code execution, granting high confidentiality, integrity, and availability impacts as scored by CVSS 3.1 at 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Mitigation is addressed in vendor advisories and firmware updates available from TP-Link support pages for Archer AX53 v1.0, including downloads specific to various regions. Detailed analysis is provided in Talos Intelligence reports, such as TALOS-2025-2284, recommending immediate application of patched firmware to affected devices.

Details

CWE(s): CWE-122

Affected Products

tp-link

archer ax53 firmware

1.0

CVEs Like This One

CVE-2025-59487Same product: Tp-Link Archer Ax53

CVE-2025-58077Same product: Tp-Link Archer Ax53

CVE-2025-59482Same product: Tp-Link Archer Ax53

CVE-2025-58455Same product: Tp-Link Archer Ax53

CVE-2025-62404Same product: Tp-Link Archer Ax53

CVE-2025-61983Same product: Tp-Link Archer Ax53

CVE-2025-62673Same product: Tp-Link Archer Ax53

CVE-2025-61944Same product: Tp-Link Archer Ax53

CVE-2026-30815Same product: Tp-Link Archer Ax53

CVE-2026-30814Same product: Tp-Link Archer Ax53

References

https://talosintelligence.com/vulnerability_reports/
Third Party Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/us/support/faq/4943/
Vendor Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2284
af854a3a-2127-422b-91ae-364da2661108