VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 1 of 41
  • CVE-2024-57728HigKEVJan 15, 2025
    risk 0.69cvss 7.2epss 0.08

    SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

  • CVE-2024-28189CriApr 18, 2024
    risk 0.66cvss 10.0epss 0.07

    Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on…

  • CVE-2024-28185CriApr 18, 2024
    risk 0.66cvss 10.0epss 0.07

    Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a…

  • CVE-2015-1130HigKEVApr 10, 2015
    risk 0.66cvss 7.8epss 0.10

    The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

  • CVE-2018-5225CriMar 22, 2018
    risk 0.65cvss 9.9epss 0.04

    In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x),…

  • CVE-2026-7374CriMay 26, 2026
    risk 0.64cvss 9.9epss 0.01

    A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket…

  • CVE-2025-60710HigKEVNov 11, 2025
    risk 0.64cvss 7.8epss 0.05

    Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30457CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to create symlinks to protected regions of the disk.

  • CVE-2018-1000544CriJun 26, 2018
    risk 0.64cvss 9.8epss 0.04

    rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can…

  • CVE-2003-1233CriDec 31, 2003
    risk 0.64cvss 9.8epss 0.02

    Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or…

  • CVE-2026-41091HigKEVMay 20, 2026
    risk 0.63cvss 7.8epss 0.08

    Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

  • CVE-2026-54352criJun 22, 2026
    risk 0.59cvss epss 0.00

    ## Summary `POST /api/pwa/process-zip` at `packages/server/src/api/routes/static.ts:24` accepts a builder-uploaded `.zip`, extracts it with `extract-zip@2.0.1` into a temp directory, then for each entry listed in `icons.json` validates the icon path, opens it, and streams the…

  • CVE-2017-1002101HigMar 13, 2018
    risk 0.58cvss 8.8epss 0.12

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including…

  • CVE-2026-44881CriMay 28, 2026
    risk 0.57cvss 9.9epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git…

  • CVE-2021-47949HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in…

  • CVE-2026-5161HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.

  • CVE-2025-43257HigApr 2, 2026
    risk 0.57cvss 8.7epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.

  • CVE-2025-41668HigJul 8, 2025
    risk 0.57cvss 8.8epss 0.01

    A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

  • CVE-2025-41667HigJul 8, 2025
    risk 0.57cvss 8.8epss 0.01

    A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.

  • CVE-2025-41666HigJul 8, 2025
    risk 0.57cvss 8.8epss 0.01

    A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.