Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75_CVE-2025-15035

6.9 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

Basic Information

ID CVE-2025-15035

Source TPLink

Published Jan 9, 2026 at 17:10

Modified Jan 9, 2026 at 18:36

Affected Product

Vendor TP-Link Systems Inc.

Product Archer AXE75 v1.6

Affected Versions TP-Link Systems Inc. Archer AXE75 v1.6 0

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: \u2264 build 20250107.",
    "published": "2026-01-09T17:10:39.477Z",
    "modified": "2026-01-09T18:36:41.597Z",
    "type": "cve",
    "title": "Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75",
    "source": "TPLink",
    "references": "https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/tree/master/2025/PANW-2025-0004\nhttps://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware\nhttps://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware\nhttps://www.tp-link.com/jp/support/download/archer-axe75/v1/#Firmware\nhttps://www.tp-link.com/phppage/preview.php?url=https://www.tp-link.com/en/support/faq/4881/",
    "id": "CVE-2025-15035",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Archer AXE75 v1.6 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Archer AXE75 v1.6",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}