CVE-2025-62673
Published: 03 February 2026
Summary
CVE-2025-62673 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in TP-Link Archer AX53 firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 1.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of flaws, directly addressing this CVE through application of TP-Link firmware updates that patch the heap-based buffer overflow in tdpserver.
SI-16 enforces memory protection mechanisms like ASLR and DEP that mitigate heap-based buffer overflows, preventing arbitrary code execution from malicious packet fields.
SI-10 mandates validation of incoming information, which would restrict specially crafted network packets that target the vulnerable field in tdpserver and so prevent the buffer overflow.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A heap buffer overflow in a network service (tdpserver) directly enables remote exploitation of the router, for RCE or DoS, over the adjacent network.
NVD Description
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Deeper analysis
CVE-2025-62673 is a heap-based buffer overflow vulnerability (CWE-122) in the tdpserver modules of the TP-Link Archer AX53 v1.0 router firmware. It affects versions through 1.3.1 Build 20241120 and enables adjacent attackers to trigger a segmentation fault or potentially execute arbitrary code by sending a specially crafted network packet with a maliciously formed field. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
Adjacent attackers with low privileges, such as those on the local network segment, can exploit this flaw with low complexity and no user interaction required. Successful exploitation could result in denial of service via a crash or remote code execution, potentially allowing attackers to compromise the router's functionality, escalate privileges, or pivot to other network resources.
Mitigation is available through firmware updates from TP-Link, as indicated by support pages for the Archer AX53 v1.0, including downloads for various regions. Detailed analysis and patch information are provided in the Talos Intelligence vulnerability report TALOS-2025-2290. Security practitioners should verify and apply the latest firmware to affected devices immediately.
Details
- CWE(s)