CVE-2025-15608
CWE-121Published: March 20, 2026· Updated: Mar 24, 2026
Official Description
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques.
Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.
Technical Analysis
CVE-2025-15608 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (2)
Quick Facts
Related CVEs (CWE-121)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-15608 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts