CVE-2025-15608 HIGH

CVE-2025-15608: Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53

Vendor: TP-Link Systems Inc.
Product: AX53 v1
Weakness: CWE-121
Published: March 20, 2026
Last update: March 23, 2026

CVSS base score

7.7/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic. Unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

Key dates

02 Disclosure timeline

March 20, 2026: CVE published
March 23, 2026: Record updated