CVE-2025-62501

Summary

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Archer AX53 v1.00 <= 1.3.1 Build 20241120affected

Weaknesses

  • CWE-322: CWE-322 Key Exchange without Entity Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References