CVE-2025-15035 MEDIUM

CVE-2025-15035: Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75

Vendor Tp-Link Systems Inc.
Product Archer AXE75 v1.6
Weakness CWE-20 · Input validation
Published January 9, 2026
Last update January 9, 2026

CVSS base score

6.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

Key dates

02Disclosure timeline

January 9, 2026 CVE published
January 9, 2026 Record updated