Detections
Analytics

CVE-2025-15541

medium

Description

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

References

https://www.tp-link.com/us/support/faq/4930/

https://www.tp-link.com/de/support/download/vx800v/#Firmware

Details

Source: Mitre, NVD

Published: 2026-01-29

Updated: 2026-02-04

Risk Information

CVSS v2

Base Score: 4.1

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00007