CVE-2025-15035
Published: 09 January 2026
Summary
CVE-2025-15035 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Tp-Link Archer Axe75 Firmware. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 2.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-15035 is an Improper Input Validation vulnerability (CWE-20) in the VPN modules of the TP-Link Archer AXE75 router version 1.6. It affects builds up to 20250107 and was published on 2026-01-09 with a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
An authenticated adjacent attacker can exploit this issue to delete arbitrary server files, potentially causing loss of critical system files, service interruptions, or degraded functionality. The attack requires low complexity, low privileges, and adjacency to the device, with high impact on integrity and availability but no confidentiality effects.
TP-Link provides firmware downloads for the Archer AXE75 v1 on regional support pages, indicating updates beyond the vulnerable build 20250107 as the primary mitigation. Additional details are available in the Palo Alto Networks disclosure at PANW-2025-0004 on GitHub and a related TP-Link FAQ.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1720
Vulnerability details
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6:…
more
≤ build 20250107.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation enables authenticated adjacent attacker to perform arbitrary file deletion on the device, directly supporting file deletion for indicator removal and data destruction for availability/integrity impact.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all inputs to the VPN modules before permitting file operations, blocking the arbitrary deletion path in CVE-2025-15035.
Enforces explicit access-control policy on file-system operations so that even an authenticated adjacent user cannot delete arbitrary server files.
Limits the privileges granted to adjacent authenticated accounts, reducing the set of files any single VPN-module session can delete.