CVE-2025-15541

Published: Jan 29, 2026

Modified: Jan 29, 2026

PUBLISHED

Description

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

Vendor	Product	Versions
TP-Link Systems Inc.	VX800v v1.0	affected `0 - < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)`

Weaknesses (CWE)

CWE-59

References

https://www.tp-link.com/de/support/download/vx800v/#Firmware

patch

https://www.tp-link.com/us/support/faq/4930/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15541

Description

Affected Products

Weaknesses (CWE)

References