Improper Link Resolution in VX800v SFTP Service by TP-Link
CVE-2025-15541

6.9MEDIUM

Key Information:

Vendor: Tp-link Systems Inc.
Status: Vx800v V1.0
Vendor: CVE Published:; 29 January 2026

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2025-15541?

The VX800v version 1.0 SFTP service by TP-Link is impacted by an improper link resolution vulnerability that allows authenticated adjacent attackers to exploit crafted symbolic links. This flaw can lead to unauthorized access of sensitive system files, posing a risk to confidentiality and potentially undermining the integrity of the system. It's essential for users and administrators of this product to implement necessary security measures and apply the available patches to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VX800v v1.0 Linux 0 < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)

References

https://www.tp-link.com/de/support/download/vx800v/#Firmware

patch

https://www.tp-link.com/us/support/faq/4930/

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 29, 2026
Vulnerability Reserved
Jan 20, 2026

JSON

Tp-link Systems Inc.

What is CVE-2025-15541?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.