CVE-2025-15035
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-03-09
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_axe75_firmware | to 1.3.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Input Validation issue in the TP-Link Archer AXE75 v1.6 VPN modules. It allows an authenticated adjacent attacker to delete arbitrary server files, which can lead to the loss of critical system files and cause service interruption or degraded functionality.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with authentication and adjacency to delete important server files on the device. This can result in loss of critical system files, causing service interruptions or degraded functionality of the router.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade the TP-Link Archer AXE75 v1.6 firmware to the latest version available from the official TP-Link website for your region. Firmware versions 1.4.1 (Build 20250717) and 1.5.1 (Build 20251202) include security and stability improvements addressing VPN-related issues and enhance device security. Avoid downgrading firmware after upgrade, use a wired connection during the upgrade process if possible, and stop internet applications to prevent upgrade failures. [1, 3]