CVE-2025-15541

Summary

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.VX800v v1.00 < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)affected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References