VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 5 of 41
  • CVE-2017-15357HigDec 1, 2017
    risk 0.51cvss 7.4epss 0.01

    The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

  • CVE-2017-7501HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.00

    It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and…

  • CVE-2015-7529HigNov 6, 2017
    risk 0.51cvss 7.8epss 0.00

    sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

  • CVE-2017-8108HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.

  • CVE-2015-7724HigJun 7, 2017
    risk 0.51cvss 7.8epss 0.01

    AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.

  • CVE-2015-7723HigJun 7, 2017
    risk 0.51cvss 7.8epss 0.01

    AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.

  • CVE-2017-6981HigMay 22, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.

  • CVE-2016-9774HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before…

  • CVE-2016-7490HigNov 10, 2016
    risk 0.51cvss 7.8epss 0.01

    The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.

  • CVE-2003-0578HigAug 18, 2003
    risk 0.51cvss 7.8epss 0.00

    cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

  • CVE-2026-41236HigJun 4, 2026
    risk 0.50cvss 8.8epss 0.00

    Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to `~/.ssh/authorized_keys` under a customer-controlled…

  • CVE-2026-9804HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.01

    A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim…

  • CVE-2026-48921HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem.

  • CVE-2025-27850HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a…

  • CVE-2025-26625HigOct 17, 2025
    risk 0.49cvss epss 0.01

    Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if…

  • CVE-2018-11637HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.02

    Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.

  • CVE-2018-12015HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.08

    In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

  • CVE-2017-1000115HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.05

    Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

  • CVE-2015-5705HigSep 6, 2017
    risk 0.49cvss 7.5epss 0.03

    Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

  • CVE-2015-8860HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.05

    The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.