CVE-2025-15543

Summary

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.VX800v v1.00 < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)affected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References