CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1988 vulnerabilities reference this CWE, most recent first.
GHSA-QQM3-6F5J-2J3H
Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-24 00:00A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.
{
"affected": [],
"aliases": [
"CVE-2022-1256"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-14T15:15:00Z",
"severity": "HIGH"
},
"details": "A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user\u0027s %TEMP% directory with System privileges through manipulation of symbolic links.",
"id": "GHSA-qqm3-6f5j-2j3h",
"modified": "2022-04-24T00:00:38Z",
"published": "2022-04-15T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1256"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QQVR-CJ37-7HHX
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2025-05-20 18:30An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2019-1053"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-12T14:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka \u0027Windows Shell Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-qqvr-cj37-7hhx",
"modified": "2025-05-20T18:30:46Z",
"published": "2022-05-24T16:47:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1053"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1053"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1053"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QR39-8J6P-V6QP
Vulnerability from github – Published: 2022-05-17 05:53 – Updated: 2022-05-17 05:53add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-5146"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-18T16:00:00Z",
"severity": "MODERATE"
},
"details": "add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.",
"id": "GHSA-qr39-8j6p-v6qp",
"modified": "2022-05-17T05:53:37Z",
"published": "2022-05-17T05:53:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5146"
},
{
"type": "WEB",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.sid.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QR4G-GHX2-6476
Vulnerability from github – Published: 2022-05-17 03:52 – Updated: 2022-05-17 03:52lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
{
"affected": [],
"aliases": [
"CVE-2014-3423"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-05-08T10:55:00Z",
"severity": "LOW"
},
"details": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",
"id": "GHSA-qr4g-ghx2-6476",
"modified": "2022-05-17T03:52:13Z",
"published": "2022-05-17T03:52:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3423"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0250.html"
},
{
"type": "WEB",
"url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QR8H-MPXP-QW6P
Vulnerability from github – Published: 2023-02-07 03:30 – Updated: 2023-02-15 00:30NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
{
"affected": [],
"aliases": [
"CVE-2022-42291"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-07T03:15:00Z",
"severity": "MODERATE"
},
"details": "NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.",
"id": "GHSA-qr8h-mpxp-qw6p",
"modified": "2023-02-15T00:30:38Z",
"published": "2023-02-07T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42291"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QRQX-8QH8-Q9CQ
Vulnerability from github – Published: 2022-05-17 05:48 – Updated: 2022-05-17 05:48The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
{
"affected": [],
"aliases": [
"CVE-2010-2794"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-30T20:00:00Z",
"severity": "LOW"
},
"details": "The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.",
"id": "GHSA-qrqx-8qh8-q9cq",
"modified": "2022-05-17T05:48:50Z",
"published": "2022-05-17T05:48:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2794"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=620356"
},
{
"type": "WEB",
"url": "http://osvdb.org/67620"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41120"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0651.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2181"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QV27-XJWP-HW6F
Vulnerability from github – Published: 2026-05-18 06:31 – Updated: 2026-05-18 06:31A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2026-8784"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-18T04:16:34Z",
"severity": "LOW"
},
"details": "A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-qv27-xjwp-hw6f",
"modified": "2026-05-18T06:31:18Z",
"published": "2026-05-18T06:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8784"
},
{
"type": "WEB",
"url": "https://github.com/npitre/cramfs-tools/issues/13"
},
{
"type": "WEB",
"url": "https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583"
},
{
"type": "WEB",
"url": "https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f"
},
{
"type": "WEB",
"url": "https://github.com/npitre/cramfs-tools"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/811897"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/364408"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/364408/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QV5P-HRCR-MVX8
Vulnerability from github – Published: 2022-05-01 02:10 – Updated: 2022-05-01 02:10passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
{
"affected": [],
"aliases": [
"CVE-2005-2714"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.",
"id": "GHSA-qv5p-hrcr-mvx8",
"modified": "2022-05-01T02:10:49Z",
"published": "2022-05-01T02:10:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2714"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25274"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19064"
},
{
"type": "WEB",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/23647"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/426535/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/16907"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/16910"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/0791"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QV94-W6RJ-6F5P
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:46Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
{
"affected": [],
"aliases": [
"CVE-2019-9949"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-23T14:29:00Z",
"severity": "HIGH"
},
"details": "Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the \"cgi_untar\" command. Other commands might also be susceptible. Code can be executed because the \"name\" parameter passed to the cgi_unzip command is not sanitized.",
"id": "GHSA-qv94-w6rj-6f5p",
"modified": "2024-04-04T00:46:20Z",
"published": "2022-05-24T16:46:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9949"
},
{
"type": "WEB",
"url": "https://bnbdr.github.io/posts/wd"
},
{
"type": "WEB",
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717"
},
{
"type": "WEB",
"url": "https://github.com/bnbdr/wd-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVQH-M74G-FQCF
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2025-03-05 21:32A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-25146"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-qvqh-m74g-fqcf",
"modified": "2025-03-05T21:32:01Z",
"published": "2023-03-10T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25146"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000292209"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-172"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.