What is the CVSS score of CVE-2025-15035?

CVE-2025-15035 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Archer Axe75 Firmware are affected by CVE-2025-15035?

Organizations using TP-Link Archer AXE75 face moderate risk from CVE-2025-15035, a input validation vulnerability rated CVSS 7.3. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-15035?

Within 7 days: Identify all affected systems running TP-Link Archer AXE75 and apply vendor patches promptly. Monitor vendor channels for patch availability.

Archer Axe75 Firmware CVE-2025-15035

HIGH

Improper Input Validation (CWE-20)

2026-01-09 f23511db-6c3e-4e32-a477-6aa17d310630

TP-Link Archer Axe75 Firmware

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 09, 2026 - 17:15 nvd

HIGH 7.3

DescriptionNVD

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

AnalysisAI

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects Archer Axe75 Firmware. Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.