VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Base · Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

  • CVE-2024-27458 · High · Oct 7, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

  • CVE-2018-10928 · High · Sep 4, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and…

  • CVE-2018-12026 · Critical · Jun 17, 2018
    risk 0.57 · cvss 9.8 · epss 0.02

    During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and…

  • CVE-2017-2916 · High · Nov 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2013-0261 · High · Mar 8, 2013
    risk 0.57 · cvss 8.8 · epss 0.00

    A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data…

  • CVE-2025-7012 · High · Jul 13, 2025
    risk 0.56 · cvss (not listed) · epss 0.00

    An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.

  • CVE-2024-1753 · High · Mar 18, 2024
    risk 0.56 · cvss 8.6 · epss 0.00

    A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause…

  • CVE-2026-53476 · Critical · Jun 10, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary…

  • CVE-2026-43998 · High · May 13, 2026
    risk 0.55 · cvss 8.5 · epss 0.01

    vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve()…

  • CVE-2026-41433 · High · Apr 24, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is…

  • CVE-2026-26225 · High · Feb 12, 2026
    risk 0.55 · cvss (not listed) · epss 0.00

    Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed…

  • CVE-2025-34352 · High · Dec 2, 2025
    risk 0.55 · cvss (not listed) · epss 0.00

    JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and…

  • CVE-2025-9968 · High · Oct 13, 2025
    risk 0.55 · cvss (not listed) · epss 0.00

    A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update…

  • CVE-2025-43490 · High · Aug 15, 2025
    risk 0.55 · cvss (not listed) · epss 0.00

    A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

  • CVE-2025-23267 · High · Jul 17, 2025
    risk 0.55 · cvss 8.5 · epss 0.01

    NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of…

  • CVE-2015-6566 · High · Jan 11, 2016
    risk 0.55 · cvss 8.4 · epss 0.00

    zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

  • CVE-2023-33148 · High · Jul 11, 2023
    risk 0.54 · cvss 7.8 · epss 0.02

    Microsoft Office Elevation of Privilege Vulnerability

  • CVE-2017-18078 · High · Jan 29, 2018
    risk 0.54 · cvss 7.8 · epss 0.01

    systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for…

  • CVE-2016-6253 · High · Jan 20, 2017
    risk 0.54 · cvss 7.8 · epss 0.04

    mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

  • CVE-2016-9566 · High · Dec 15, 2016
    risk 0.54 · cvss 7.8 · epss 0.05

    base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.