CVE-2025-15035 is a vulnerability classified under CWE-20 (Improper Input Validation) affecting the VPN modules of the TP-Link Archer AXE75 v1.6 router firmware versions up to build 20250107. The flaw allows an authenticated attacker with adjacent network access—meaning the attacker must be on the same local or logically adjacent network segment—to craft malicious input that leads to arbitrary deletion of server files on the device. This improper validation of input parameters fails to restrict file deletion operations to authorized or safe paths, enabling the attacker to remove critical system files. The consequence of this vulnerability includes potential loss of essential system files, which can cause service interruptions, degraded router functionality, or even device instability. The CVSS 4.0 vector indicates the attack requires low complexity, no user interaction, and privileges (high) but no authentication bypass, with a medium overall severity score of 6.9. No public exploits have been reported yet, but the vulnerability poses a risk to network availability and integrity, especially in environments relying on these routers for VPN connectivity. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for cautious network segmentation and monitoring.

For European organizations, this vulnerability could disrupt VPN services critical for secure remote access and inter-office communications, potentially leading to downtime and loss of productivity. The deletion of critical system files may also require device reconfiguration or replacement, incurring operational costs. Organizations relying on these routers in sensitive environments may face increased risk of network instability or exposure if attackers leverage this flaw to degrade security controls. Given the requirement for authenticated adjacent access, the threat is more pronounced in environments with less network segmentation or where attackers can gain local network presence, such as large enterprises, universities, or public Wi-Fi networks. The impact on confidentiality is limited, but integrity and availability of network services are at risk. This could indirectly affect compliance with European data protection regulations if network outages impede security monitoring or data access controls.

European organizations should immediately inventory their network infrastructure to identify any TP-Link Archer AXE75 v1.6 devices running vulnerable firmware versions (≤ build 20250107). Until an official patch is released, organizations should implement strict network segmentation to limit access to the management and VPN interfaces of these routers, ensuring only trusted and authenticated devices can communicate on adjacent networks. Enforce strong authentication and access controls on router management interfaces to prevent unauthorized access. Monitor network logs and device behavior for unusual file deletion activities or service disruptions. Consider disabling VPN modules if not in use or replacing vulnerable devices with updated hardware or firmware versions once available. Engage with TP-Link support channels for updates on patches or workarounds. Additionally, implement intrusion detection systems capable of identifying anomalous commands or file operations on network devices.