COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-15608

CVE-2025-15608

Severity
critical
Source
NVD · cve
Published
2026-03-20
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-15608
⚡ RCE shame 50/100 rce

This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions,

Players implicated

tp-link · vendorarcher ax53 · productarcher ax53 firmware · product

Description

This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.