CVE-2025-62673

High

Published: 03 February 2026

Modified: 16 March 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0055 (41.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-62673 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in TP-Link Archer AX53 firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 41.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-62673 is a heap-based buffer overflow vulnerability (CWE-122) in the tdpserver modules of the TP-Link Archer AX53 v1.0 router firmware. It affects versions through 1.3.1 Build 20241120 and enables adjacent attackers to trigger a segmentation fault or potentially execute arbitrary code by sending a specially crafted network packet with a maliciously formed field. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Adjacent attackers with low privileges, such as those on the local network segment, can exploit this flaw with low complexity and no user interaction required. Successful exploitation could result in denial of service via a crash or remote code execution, potentially allowing attackers to compromise the router's functionality, escalate privileges, or pivot to other network resources.

Mitigation is available through firmware updates from TP-Link, as indicated by support pages for the Archer AX53 v1.0, including downloads for various regions. Detailed analysis and patch information are provided in the Talos Intelligence vulnerability report TALOS-2025-2290. Security practitioners should verify and apply the latest firmware to affected devices immediately.

Vulnerability details

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

A heap buffer overflow in a network service (tdpserver) directly enables remote exploitation of the router for RCE/DoS over an adjacent network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-61983 (same product: TP-Link Archer AX53)
CVE-2025-58077 (same product: TP-Link Archer AX53)
CVE-2025-62404 (same product: TP-Link Archer AX53)
CVE-2025-61944 (same product: TP-Link Archer AX53)
CVE-2025-58455 (same product: TP-Link Archer AX53)
CVE-2025-62405 (same product: TP-Link Archer AX53)
CVE-2025-59487 (same product: TP-Link Archer AX53)
CVE-2025-59482 (same product: TP-Link Archer AX53)
CVE-2025-15608 (same product: TP-Link Archer AX53)
CVE-2026-30818 (same product: TP-Link Archer AX53)

Affected Assets

TP-Link Archer AX53 firmware, version 1.0

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires timely remediation of flaws, directly addressing this CVE through application of TP-Link firmware updates that patch the heap-based buffer overflow in tdpserver.

Prevent: SI-16 enforces memory protection mechanisms like ASLR and DEP that mitigate heap-based buffer overflows, preventing arbitrary code execution from malicious packet fields.

Prevent: SI-10 mandates validation of incoming information, which would restrict specially crafted network packets targeting the vulnerable tdpserver field to prevent buffer overflows.
