CVE-2025-15541

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.tp-link.com/de/support/download/vx800v/#Firmware	Product
https://www.tp-link.com/us/support/faq/4930/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-29 19:16

Updated : 2026-03-09 17:51

NVD link : CVE-2025-15541

Mitre link : CVE-2025-15541

CVE.ORG link : CVE-2025-15541

JSON object : View

Products Affected

tp-link

vx800v
vx800v_firmware

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-15541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T19:16:11.143", "references": [{"url": "https://www.tp-link.com/de/support/download/vx800v/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4930/", "tags": ["Vendor Advisory"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk."}, {"lang": "es", "value": "Resoluci\u00f3n incorrecta de enlaces en el servicio SFTP VX800v v1.0 permite a atacantes adyacentes autenticados utilizar enlaces simb\u00f3licos manipulados para acceder a archivos del sistema, lo que resulta en un alto impacto en la confidencialidad y un riesgo limitado para la integridad."}], "lastModified": "2026-03-09T17:51:47.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D323DA3B-C62D-433E-980E-78A9C575D676", "versionEndExcluding": "800.0.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10362289-8BD9-4B51-A347-6E4DA2BC6507"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}