CVE-2025-62501
Published: 03 February 2026
Summary
CVE-2025-62501 is a high-severity Key Exchange without Entity Authentication (CWE-322) vulnerability in TP-Link Archer AX53 firmware. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-12 (Cryptographic Key Establishment and Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the vulnerability by requiring timely remediation through application of the vendor firmware patch that fixes the SSH hostkey misconfiguration.
- CM-6 (Configuration Settings): ensures baseline configuration settings for SSH hostkeys are securely established and maintained to prevent misconfigurations exploitable by MITM attacks.
- SC-12 (Cryptographic Key Establishment and Management): mandates proper cryptographic key establishment and management for SSH hostkeys, ensuring entity authentication during key exchange to block MITM credential capture.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSH hostkey misconfiguration directly enables MITM attacks for credential capture (T1557 Adversary-in-the-Middle).
NVD Description
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man-in-the-middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Deeper analysis
CVE-2025-62501 is an SSH hostkey misconfiguration vulnerability in the tmpserver modules of TP-Link Archer AX53 v1.0 routers. It affects versions through 1.3.1 Build 20241120 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-322 (Key Exchange without Entity Authentication). The flaw enables attackers to obtain device credentials via a specially crafted man-in-the-middle (MITM) attack.
Remote attackers with no privileges or user interaction required can exploit this over the network by positioning themselves for an MITM attack, which demands high attack complexity. Successful exploitation allows capture of device credentials, potentially leading to unauthorized access if those credentials are reused elsewhere.
Talos Intelligence advisories, including TALOS-2025-2291, detail the issue, while TP-Link provides firmware downloads on regional support pages (e.g., US, MY, and global) for Archer AX53 v1.0 to mitigate the vulnerability through patching. Security practitioners should verify and apply these updates promptly.
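As an added example (not code from the advisory, Talos or TP-Link), the baseline check CM-6 and SC-12 call for on the defender's side: pin the router's SSH host key fingerprint once over a trusted path and flag any later change, which is the signal a regenerated host key or an in-path interceptor produces. The host address and key blobs are constructed; the fingerprint format is the one `ssh-keygen -lf` prints.

```python
import base64
import hashlib

def ssh_fingerprint(pubkey_b64: str) -> str:
    """OpenSSH-style fingerprint (the form `ssh-keygen -lf` prints):
    SHA256 over the raw key blob, base64 with padding stripped."""
    digest = hashlib.sha256(base64.b64decode(pubkey_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str):
    """Yield (host, keytype, key_b64) from known_hosts lines; skip blanks/comments."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        yield parts[0], parts[1], parts[2]

def check_pinned(known_hosts_text: str, pins: dict) -> dict:
    """Compare each host's presented key against the pinned baseline fingerprint.
    Returns host -> 'match' | 'MISMATCH' | 'unpinned'."""
    results = {}
    for host, _keytype, key_b64 in parse_known_hosts(known_hosts_text):
        expected = pins.get(host)
        if expected is None:
            results[host] = "unpinned"
        else:
            results[host] = "match" if ssh_fingerprint(key_b64) == expected else "MISMATCH"
    return results

# --- Constructed sample data; these are not real device keys ---
def _fake_ed25519_blob(key_bytes: bytes) -> str:
    """SSH wire format: length-prefixed 'ssh-ed25519' string, then the 32-byte key."""
    def s(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(s(b"ssh-ed25519") + s(key_bytes)).decode()

ROUTER_HOST = "192.168.0.1"                        # hypothetical router address
ROUTER_KEY = _fake_ed25519_blob(bytes(range(32)))  # key recorded at deployment
ROGUE_KEY = _fake_ed25519_blob(bytes(32))          # different key presented later

# Baseline captured once over a trusted path (e.g. console) and stored out of band.
PINS = {ROUTER_HOST: ssh_fingerprint(ROUTER_KEY)}

KNOWN_HOSTS_OK = f"# constructed\n{ROUTER_HOST} ssh-ed25519 {ROUTER_KEY}\n"
KNOWN_HOSTS_CHANGED = f"{ROUTER_HOST} ssh-ed25519 {ROGUE_KEY}\n"

if __name__ == "__main__":
    print(check_pinned(KNOWN_HOSTS_OK, PINS))       # {'192.168.0.1': 'match'}
    print(check_pinned(KNOWN_HOSTS_CHANGED, PINS))  # {'192.168.0.1': 'MISMATCH'}
```

A MISMATCH result should be treated as an incident signal and the pinned baseline re-established only after the device's key is confirmed over a trusted channel, not by accepting the new key.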
Details
- CWE(s)