VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Base · Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 7 of 41
  • CVE-2026-7832 · High · May 5, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It…

  • CVE-2026-41364 · High · Apr 28, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote…

  • CVE-2026-0827 · High · Apr 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file…

  • CVE-2024-12216 · High · Mar 20, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip…

  • CVE-2024-44258 · High · Oct 28, 2024
    risk 0.46 · cvss 7.1 · epss 0.01

    This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

  • CVE-2018-6557 · High · Aug 21, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel…

  • CVE-2018-14335 · Medium · Jul 24, 2018
    risk 0.46 · cvss 6.5 · epss 0.13

    An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

  • CVE-2013-0159 · High · May 1, 2018
    risk 0.46 · cvss 7.1 · epss 0.00

    The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

  • CVE-2016-3108 · High · Jun 8, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

  • CVE-2004-0689 · High · Sep 28, 2004
    risk 0.46 · cvss 7.1 · epss 0.00

    KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

  • CVE-2004-0217 · High · Apr 15, 2004
    risk 0.46 · cvss 7.0 · epss 0.00

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

  • CVE-2003-0844 · High · Nov 17, 2003
    risk 0.46 · cvss 7.1 · epss 0.00

    mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on…

  • CVE-2024-12905 · High · Mar 27, 2025
    risk 0.45 · cvss 7.5 · epss 0.02

    An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or…

  • CVE-2026-44711 · High · May 27, 2026
    risk 0.44 · cvss 7.9 · epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

  • CVE-2025-24918 · Medium · Nov 11, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System…

  • CVE-2024-29188 · High · Mar 24, 2024
    risk 0.44 · cvss 7.9 · epss 0.00

    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree…

  • CVE-2014-3219 · High · Feb 9, 2018
    risk 0.44 · cvss 7.8 · epss 0.00

    fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

  • CVE-2017-12172 · Medium · Nov 22, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account.…

  • CVE-2017-9525 · Medium · Jun 9, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

  • CVE-2015-6240 · High · Jun 7, 2017
    risk 0.44 · cvss 7.8 · epss 0.00

    The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.