CVE-2025-15541

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.tp-link.com/de/support/download/vx800v/#Firmware	Product
https://www.tp-link.com/us/support/faq/4930/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*

History

09 Mar 2026, 17:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.3
First Time		Tp-link Tp-link vx800v Firmware Tp-link vx800v
Summary		(es) Resolución incorrecta de enlaces en el servicio SFTP VX800v v1.0 permite a atacantes adyacentes autenticados utilizar enlaces simbólicos manipulados para acceder a archivos del sistema, lo que resulta en un alto impacto en la confidencialidad y un riesgo limitado para la integridad.
CPE		cpe:2.3:o:tp-link:vx800v_firmware:::::::: cpe:2.3:h:tp-link:vx800v:1.0:::::::*
References	~~() https://www.tp-link.com/de/support/download/vx800v/#Firmware -~~	() https://www.tp-link.com/de/support/download/vx800v/#Firmware - Product
References	~~() https://www.tp-link.com/us/support/faq/4930/ -~~	() https://www.tp-link.com/us/support/faq/4930/ - Vendor Advisory

29 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 19:16

Updated : 2026-03-09 17:51

NVD link : CVE-2025-15541

Mitre link : CVE-2025-15541

CVE.ORG link : CVE-2025-15541

JSON object : View

Products Affected

tp-link

vx800v
vx800v_firmware

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-15541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T19:16:11.143", "references": [{"url": "https://www.tp-link.com/de/support/download/vx800v/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4930/", "tags": ["Vendor Advisory"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk."}, {"lang": "es", "value": "Resoluci\u00f3n incorrecta de enlaces en el servicio SFTP VX800v v1.0 permite a atacantes adyacentes autenticados utilizar enlaces simb\u00f3licos manipulados para acceder a archivos del sistema, lo que resulta en un alto impacto en la confidencialidad y un riesgo limitado para la integridad."}], "lastModified": "2026-03-09T17:51:47.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D323DA3B-C62D-433E-980E-78A9C575D676", "versionEndExcluding": "800.0.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10362289-8BD9-4B51-A347-6E4DA2BC6507"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}