CVE-2025-15035
Published: 09 January 2026
Summary
CVE-2025-15035 is a high-severity Improper Input Validation (CWE-20) vulnerability in TP-Link Archer AXE75 firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 3.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
Directly implements checks on information inputs to reject invalid data before processing.
Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Improper input validation enables an authenticated adjacent attacker to perform arbitrary file deletion on the device, directly supporting file deletion for indicator removal and data destruction for availability/integrity impact.
NVD Description
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤ build 20250107.
Deeper analysis (AI)
CVE-2025-15035 is an Improper Input Validation vulnerability (CWE-20) in the VPN modules of the TP-Link Archer AXE75 router version 1.6. It affects builds up to 20250107 and was published on 2026-01-09 with a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
An authenticated adjacent attacker can exploit this issue to delete arbitrary server files, potentially causing loss of critical system files, service interruptions, or degraded functionality. The attack requires low complexity, low privileges, and adjacency to the device, with high impact on integrity and availability but no confidentiality effects.
TP-Link provides firmware downloads for the Archer AXE75 v1 on its regional support pages; updating to a build later than the vulnerable build 20250107 is the primary mitigation. Additional details are available in the Palo Alto Networks disclosure PANW-2025-0004 on GitHub and in a related TP-Link FAQ.
Details
- CWE(s)