Security Advisory on Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75 (CVE-2025-15035)
110 Vulnerability Description:
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file.
Impacts:
This vulnerability may lead to:
- Loss of critical system files, compromising system integrity.
- Service interruption or degraded functionality due to deletion of configuration or operational files.
CVSS v4.0 Score: 6.9 / Medium
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Related Vulnerabilities |
Affected Version |
|
Archer AXE75 v1.6 |
CVE-2025-15035 |
≤ build 20250107 |
Recommendation(s):
We strongly recommend that users with the affected device(s) take the following action(s):
- Download and update to the latest firmware version to fix these vulnerabilities:
US: https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
EN: https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
JP: Archer AXE75 のコンテンツ | TP-Link 日本
Disclaimer:
If you do not take the recommended actions stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended actions in this statement.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.