Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1988 vulnerabilities reference this CWE, most recent first.

GHSA-QQM3-6F5J-2J3H

Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-24 00:00
VLAI
Details

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-14T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user\u0027s %TEMP% directory with System privileges through manipulation of symbolic links.",
  "id": "GHSA-qqm3-6f5j-2j3h",
  "modified": "2022-04-24T00:00:38Z",
  "published": "2022-04-15T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1256"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQVR-CJ37-7HHX

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2025-05-20 18:30
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-12T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka \u0027Windows Shell Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-qqvr-cj37-7hhx",
  "modified": "2025-05-20T18:30:46Z",
  "published": "2022-05-24T16:47:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1053"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1053"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QR39-8J6P-V6QP

Vulnerability from github – Published: 2022-05-17 05:53 – Updated: 2022-05-17 05:53
VLAI
Details

add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-18T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.",
  "id": "GHSA-qr39-8j6p-v6qp",
  "modified": "2022-05-17T05:53:37Z",
  "published": "2022-05-17T05:53:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5146"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.sid.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QR4G-GHX2-6476

Vulnerability from github – Published: 2022-05-17 03:52 – Updated: 2022-05-17 03:52
VLAI
Details

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-08T10:55:00Z",
    "severity": "LOW"
  },
  "details": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",
  "id": "GHSA-qr4g-ghx2-6476",
  "modified": "2022-05-17T03:52:13Z",
  "published": "2022-05-17T03:52:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3423"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0250.html"
    },
    {
      "type": "WEB",
      "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2014/05/07/7"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QR8H-MPXP-QW6P

Vulnerability from github – Published: 2023-02-07 03:30 – Updated: 2023-02-15 00:30
VLAI
Details

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-07T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.",
  "id": "GHSA-qr8h-mpxp-qw6p",
  "modified": "2023-02-15T00:30:38Z",
  "published": "2023-02-07T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42291"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRQX-8QH8-Q9CQ

Vulnerability from github – Published: 2022-05-17 05:48 – Updated: 2022-05-17 05:48
VLAI
Details

The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-2794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-30T20:00:00Z",
    "severity": "LOW"
  },
  "details": "The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.",
  "id": "GHSA-qrqx-8qh8-q9cq",
  "modified": "2022-05-17T05:48:50Z",
  "published": "2022-05-17T05:48:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2794"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620356"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/67620"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41120"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0651.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QV27-XJWP-HW6F

Vulnerability from github – Published: 2026-05-18 06:31 – Updated: 2026-05-18 06:31
VLAI
Details

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-18T04:16:34Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-qv27-xjwp-hw6f",
  "modified": "2026-05-18T06:31:18Z",
  "published": "2026-05-18T06:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8784"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npitre/cramfs-tools/issues/13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npitre/cramfs-tools"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/811897"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/364408"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/364408/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QV5P-HRCR-MVX8

Vulnerability from github – Published: 2022-05-01 02:10 – Updated: 2022-05-01 02:10
VLAI
Details

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-2714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.",
  "id": "GHSA-qv5p-hrcr-mvx8",
  "modified": "2022-05-01T02:10:49Z",
  "published": "2022-05-01T02:10:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2714"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25274"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=303382"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19064"
    },
    {
      "type": "WEB",
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/23647"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/426535/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16907"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16910"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QV94-W6RJ-6F5P

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:46
VLAI
Details

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-23T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the \"cgi_untar\" command. Other commands might also be susceptible. Code can be executed because the \"name\" parameter passed to the cgi_unzip command is not sanitized.",
  "id": "GHSA-qv94-w6rj-6f5p",
  "modified": "2024-04-04T00:46:20Z",
  "published": "2022-05-24T16:46:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9949"
    },
    {
      "type": "WEB",
      "url": "https://bnbdr.github.io/posts/wd"
    },
    {
      "type": "WEB",
      "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bnbdr/wd-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVQH-M74G-FQCF

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2025-03-05 21:32
VLAI
Details

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-qvqh-m74g-fqcf",
  "modified": "2025-03-05T21:32:01Z",
  "published": "2023-03-10T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25146"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000292209"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.