Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Jan 9, 2026

Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75

CVE-2025-15035

Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

Affected products

TP-Link/Archer AXE75 V1llm-fuzzy
Range: <= build 20250107
TP-Link Systems Inc./Archer AXE75 v1.6v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tp-link.com/en/support/download/archer-axe75/v1/mitrepatch
www.tp-link.com/jp/support/download/archer-axe75/v1/mitrepatch
www.tp-link.com/us/support/download/archer-axe75/v1/mitrepatch
www.tp-link.com/phppage/preview.phpmitrevendor-advisory
github.com/PaloAltoNetworks/u42-vulnerability-disclosures/tree/master/2025/PANW-2025-0004mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000