CVE-2025-15035

Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75

Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

INFO

Published Date :

2026-01-09T17:10:39.477Z

Last Modified :

2026-01-09T18:36:41.597Z

Source :

TPLink

AFFECTED PRODUCTS

The following products are affected by CVE-2025-15035 vulnerability.

Vendors	Products
Tp-link	Archer Axe75

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15035.

URL	Resource
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/tree/master/2025/PANW-2025-0004
https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/jp/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/phppage/preview.php?url=https://www.tp-link.com/en/support/faq/4881/
https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability