CVE-2025-15543
Unknown Unknown - Not Provided
Improper Link Resolution in VX800v USB Allows Root Filesystem Exposure

Publication date: 2026-01-29

Last updated on: 2026-03-09

Assigner: TPLink

Description
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15543
EUVD
EUVD-2025-206534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link vx800v_firmware to 800.0.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper link resolution issue in the USB HTTP access path of VX800v version 1.0. It allows a specially crafted USB device, when physically connected to the system, to expose the root filesystem contents. This means an attacker with physical access can gain read-only access to system files.

Impact Analysis

The vulnerability can impact you by allowing an attacker with physical access to your device to read sensitive system files without authorization. This could lead to information disclosure and potential further exploitation depending on the contents of the exposed files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15543. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart