πŸ” CVE Alert

CVE-2026-0655

UNKNOWN 0.0

Path Traversal on TP-Link Deco BE25

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service.Β Β This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

CWE CWE-22
Vendor tp-link systems inc.
Product deco be25 v1.0
Published Mar 2, 2026
Last Updated Mar 2, 2026
Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. deco be25 v1.0

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. deco be25 v1.0 are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TP-Link Systems Inc. / Deco BE25 v1.0
0 ≀ 1.1.1 Build 20250822

References

NVD β†— CVE.org β†— EPSS Data β†—
tp-link.com: https://www.tp-link.com/sg/support/download/deco-be25/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/deco-be25/#Firmware tp-link.com: https://www.tp-link.com/us/support/download/deco-be25/v1/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/4993/

Credits

jro