Input Validation Flaws in TP-Link Archer AXE75 Affecting File Integrity
CVE-2025-15035

6.9MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Archer Axe75 V1.6
Vendor
CVE Published:
9 January 2026

What is CVE-2025-15035?

An improper input validation vulnerability exists in TP-Link's Archer AXE75 router version 1.6. This flaw allows authenticated adjacent attackers to exploit the system, potentially leading to the deletion of arbitrary critical server files. Such unauthorized actions can result in significant service disruptions and degradation of system functionality. Users should apply the latest firmware updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Archer AXE75 v1.6 0

References

https://github.com/PaloAltoNetworks/u42-vulnerability-dis...
https://www.tp-link.com/us/support/download/archer-axe75/...
patch
https://www.tp-link.com/en/support/download/archer-axe75/...
patch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yiheng An, Zhibin Zhang, Haozhe Zhang
JSON
.
CVE-2025-15035 : Input Validation Flaws in TP-Link Archer AXE75 Affecting File Integrity