Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Path Traversal on TP-Link Deco BE25

CVE-2026-0655

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

Affected products

TP-Link/Deco BE25llm-create
Range: <=1.1.1 Build 20250822
TP-Link Systems Inc./Deco BE25 v1.0v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tp-link.com/en/support/download/deco-be25/mitrepatch
www.tp-link.com/sg/support/download/deco-be25/mitrepatch
www.tp-link.com/us/support/download/deco-be25/v1/mitrepatch
www.tp-link.com/us/support/faq/4993/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000