CVE-2025-15541 | THREATINT

Description

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

PUBLISHED Reserved 2026-01-20 | Published 2026-01-29 | Updated 2026-01-29 | Assigner TPLink

MEDIUM: 6.9CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Product status

Default status

unaffected

Any version before 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)

affected

References

www.tp-link.com/de/support/download/vx800v/ patch

www.tp-link.com/us/support/faq/4930/ vendor-advisory

cve.org (CVE-2025-15541)

nvd.nist.gov (CVE-2025-15541)

Download JSON