CVE-2025-15541

EPSS 0.01%
Veröffentlicht 29.01.2026 18:05:57
Zuletzt bearbeitet 09.03.2026 17:51:47
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Vx800v Firmware Version < 800.0.11

Tp-link ≫ Vx800v Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.014

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.3	2.1	4.2	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
f23511db-6c3e-4e32-a477-6aa17d310630	6.9	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://www.tp-link.com/de/support/download/vx800v/#Firmware

Product

https://www.tp-link.com/us/support/faq/4930/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15541

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15541