Common Weakness Enumeration

CWE-61

Allowed

UNIX Symbolic Link (Symlink) Following

Abstraction: Compound · Status: Incomplete

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

270 vulnerabilities reference this CWE, most recent first.

CVE-2025-36564 (GCVE-0-2025-36564)

Vulnerability from cvelistv5 – Published: 2025-06-03 14:41 – Updated: 2026-02-26 18:27
VLAI
Summary
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
Vendor Product Version
Dell Encryption Admin Utilities Affected: N/A , < 11.10.2 (semver)
Create a notification for this product.
Date Public
2025-06-02 17:00
Credits
Dell Technologies would like to thank FalconCorrup for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36564",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T03:56:04.343578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:27:38.423Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Encryption Admin Utilities",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "11.10.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell Technologies would like to thank FalconCorrup for reporting this issue."
        }
      ],
      "datePublic": "2025-06-02T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.\u003cbr\u003e"
            }
          ],
          "value": "Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-03T14:41:03.795Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000325203/dsa-2025-224"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-36564",
    "datePublished": "2025-06-03T14:41:03.795Z",
    "dateReserved": "2025-04-15T21:29:33.583Z",
    "dateUpdated": "2026-02-26T18:27:38.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33225 (GCVE-0-2025-33225)

Vulnerability from cvelistv5 – Published: 2025-12-16 17:37 – Updated: 2025-12-16 18:04
VLAI
Summary
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
Impacted products
Vendor Product Version
NVIDIA Resiliency Extension Affected: Main branch prior to 0.5.0 release
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T17:50:59.776749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:04:44.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Resiliency Extension",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Main branch prior to 0.5.0 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."
            }
          ],
          "value": "NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Escalation of privileges, code execution, information disclosure, denial of service, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T17:37:46.433Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33225"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33225"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5746"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33225",
    "datePublished": "2025-12-16T17:37:46.433Z",
    "dateReserved": "2025-04-15T18:51:06.915Z",
    "dateUpdated": "2025-12-16T18:04:44.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-31133 (GCVE-0-2025-31133)

Vulnerability from cvelistv5 – Published: 2025-11-06 18:47 – Updated: 2025-11-06 19:22
VLAI
Title
runc container escape via "masked path" abuse due to mount race conditions
Summary
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
  • CWE-363 - Race Condition Enabling Link Following
Assigner
Impacted products
Vendor Product Version
opencontainers runc Affected: < 1.2.8
Affected: >= 1.3.0-rc.1, < 1.3.3
Affected: >= 1.4.0-rc.1, <= 1.4.0-rc.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-31133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T19:03:45.356326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T19:22:22.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "runc",
          "vendor": "opencontainers",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.3.0-rc.1, \u003c 1.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.4.0-rc.1, \u003c= 1.4.0-rc.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack:  an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-363",
              "description": "CWE-363: Race Condition Enabling Link Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T18:47:47.335Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f"
        },
        {
          "name": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
        }
      ],
      "source": {
        "advisory": "GHSA-9493-h29p-rfm2",
        "discovery": "UNKNOWN"
      },
      "title": "runc container escape via \"masked path\" abuse due to mount race conditions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-31133",
    "datePublished": "2025-11-06T18:47:47.335Z",
    "dateReserved": "2025-03-26T15:04:52.627Z",
    "dateUpdated": "2025-11-06T19:22:22.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30485 (GCVE-0-2025-30485)

Vulnerability from cvelistv5 – Published: 2025-04-03 06:18 – Updated: 2025-04-03 13:41
VLAI
Summary
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX symbolic link (Symlink) following
Assigner
Impacted products
Vendor Product Version
Century Systems Co., Ltd. FutureNet NXR-1420 Affected: firmware version 31.0.1 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-1300 series Affected: firmware version 7.4.12 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-650 Affected: firmware version 21.16.5 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-610X series Affected: firmware version 21.14.11D and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-530 Affected: firmware version 21.11.15 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-350/C Affected: firmware version 5.30.9C and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-230/C Affected: firmware version 5.30.13 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-160/LW Affected: firmware version 21.8.4 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G540 series Affected: firmware version 21.17.0
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G260 series Affected: firmware version 9.12.17 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G240 series Affected: firmware version 9.12.17 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G180/L-CA Affected: firmware version 21.7.33 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G120 series Affected: firmware version 21.15.2C1 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G110 series Affected: firmware version 21.15.10 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100 series Affected: firmware version 6.23.11 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G060 series Affected: firmware version 21.15.6C2 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G050 series Affected: firmware version 21.12.11 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet VXR-x64 Affected: firmware version 21.7.33 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet VXR-x86 Affected: firmware version 10.1.5 and earlier
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-1200 Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-130/C Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-155/C-L Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-155/C-XW Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-155/C-WM Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-125/CX Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-120/C Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100/SLW Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100/SL Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100/S Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100/N Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet NXR-G100/F Affected: N/A
Create a notification for this product.
Century Systems Co., Ltd. FutureNet WXR-250 Affected: N/A
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30485",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T13:39:37.971930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T13:41:26.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FutureNet NXR-1420",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 31.0.1 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-1300 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 7.4.12 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-650",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.16.5 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-610X series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.14.11D and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-530",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.11.15 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-350/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.9C and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-230/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.13 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-160/LW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.8.4 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G540 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.17.0"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G260 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 9.12.17 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G240 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 9.12.17 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G180/L-CA",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.33 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G120 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.2C1 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G110 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.10 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 6.23.11 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G060 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.6C2 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G050 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.12.11 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR-x64",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.33 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR-x86",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 10.1.5 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-1200",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-130/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C-L",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C-XW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C-WM",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-125/CX",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-120/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100/SLW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100/SL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100/S",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100/N",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100/F",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "FutureNet WXR-250",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "UNIX symbolic link (Symlink) following",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-03T06:18:36.311Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92821536/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-30485",
    "datePublished": "2025-04-03T06:18:36.311Z",
    "dateReserved": "2025-03-24T00:55:23.294Z",
    "dateUpdated": "2025-04-03T13:41:26.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-29787 (GCVE-0-2025-29787)

Vulnerability from cvelistv5 – Published: 2025-03-17 13:19 – Updated: 2025-03-19 15:50
VLAI
Title
zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write
Summary
`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
  • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize
Assigner
Impacted products
Vendor Product Version
zip-rs zip2 Affected: >= 1.3.0, < 2.3.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29787",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T15:50:24.303460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T15:50:36.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zip2",
          "vendor": "zip-rs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 2.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "CWE-180: Incorrect Behavior Order: Validate Before Canonicalize",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-19T15:50:49.160Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zip-rs/zip2/security/advisories/GHSA-94vh-gphv-8pm8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zip-rs/zip2/security/advisories/GHSA-94vh-gphv-8pm8"
        },
        {
          "name": "https://github.com/zip-rs/zip2/commit/a2e062f37066c3b12860a32eb1cb44856cfb7afe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zip-rs/zip2/commit/a2e062f37066c3b12860a32eb1cb44856cfb7afe"
        },
        {
          "name": "https://gist.github.com/eternal-flame-AD/bf71ef4f6828e741eb12ce7fd47b7b85",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/eternal-flame-AD/bf71ef4f6828e741eb12ce7fd47b7b85"
        },
        {
          "name": "https://github.com/zip-rs/zip2/releases/tag/v2.3.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zip-rs/zip2/releases/tag/v2.3.0"
        }
      ],
      "source": {
        "advisory": "GHSA-94vh-gphv-8pm8",
        "discovery": "UNKNOWN"
      },
      "title": "zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29787",
    "datePublished": "2025-03-17T13:19:23.925Z",
    "dateReserved": "2025-03-11T14:23:00.476Z",
    "dateUpdated": "2025-03-19T15:50:49.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24886 (GCVE-0-2025-24886)

Vulnerability from cvelistv5 – Published: 2025-01-30 22:40 – Updated: 2025-01-31 16:06
VLAI
Title
pwn.college has Symlink LFI in Dojo repos
Summary
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
pwncollege dojo Affected: <= 613e4fd654b16e5e0888e9205702bde83de91c60
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24886",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-31T16:05:48.675735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T16:06:07.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dojo",
          "vendor": "pwncollege",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 613e4fd654b16e5e0888e9205702bde83de91c60"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T22:40:10.799Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pwncollege/dojo/security/advisories/GHSA-fcq8-jqq5-9xmh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pwncollege/dojo/security/advisories/GHSA-fcq8-jqq5-9xmh"
        }
      ],
      "source": {
        "advisory": "GHSA-fcq8-jqq5-9xmh",
        "discovery": "UNKNOWN"
      },
      "title": "pwn.college has Symlink LFI in Dojo repos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24886",
    "datePublished": "2025-01-30T22:40:10.799Z",
    "dateReserved": "2025-01-27T15:32:29.450Z",
    "dateUpdated": "2025-01-31T16:06:07.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24832 (GCVE-0-2025-24832)

Vulnerability from cvelistv5 – Published: 2025-02-27 23:00 – Updated: 2025-02-28 15:00
VLAI
Summary
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T15:00:32.474414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T15:00:45.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Acronis Backup plugin for cPanel \u0026 WHM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "1.8.4.866",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Acronis Backup plugin for cPanel \u0026 WHM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "1.9.1.892",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Acronis Backup extension for Plesk",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "1.8.7.615",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T23:00:16.679Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-7649",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-7649"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2025-24832",
    "datePublished": "2025-02-27T23:00:16.679Z",
    "dateReserved": "2025-01-24T21:09:13.772Z",
    "dateUpdated": "2025-02-28T15:00:45.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-23394 (GCVE-0-2025-23394)

Vulnerability from cvelistv5 – Published: 2025-05-26 15:34 – Updated: 2025-05-27 14:05
VLAI
Title
daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
Impacted products
Vendor Product Version
SUSE openSUSE Tumbleweed Affected: ? , < 3.8.4-2.1 (custom)
Create a notification for this product.
Date Public
2025-04-29 08:20
Credits
Matthias Gerstner, SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-23394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:04:35.779860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T14:05:20.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "cyrus-imapd",
          "product": "openSUSE Tumbleweed",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "3.8.4-2.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner, SUSE"
        }
      ],
      "datePublic": "2025-04-29T08:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.\u003cp\u003eThis issue affects openSUSE Tumbleweed  cyrus-imapd before 3.8.4-2.1.\u003c/p\u003e"
            }
          ],
          "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed  cyrus-imapd before 3.8.4-2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T15:34:32.562Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23394"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-23394",
    "datePublished": "2025-05-26T15:34:32.562Z",
    "dateReserved": "2025-01-15T12:39:03.324Z",
    "dateUpdated": "2025-05-27T14:05:20.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22480 (GCVE-0-2025-22480)

Vulnerability from cvelistv5 – Published: 2025-02-13 16:04 – Updated: 2025-02-13 16:52
VLAI
Summary
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
Vendor Product Version
Dell Dell SupportAssist OS Recovery Affected: N/A , < 5.5.13.1 (semver)
Create a notification for this product.
Date Public
2025-02-12 18:30
Credits
Dell Technologies would like to thank mdanilor for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22480",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T16:52:46.035544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T16:52:54.710Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell SupportAssist OS Recovery",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.5.13.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell Technologies would like to thank mdanilor for reporting this issue."
        }
      ],
      "datePublic": "2025-02-12T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.\u003cbr\u003e"
            }
          ],
          "value": "Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T16:04:49.529Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000275712/dsa-2025-051"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22480",
    "datePublished": "2025-02-13T16:04:49.529Z",
    "dateReserved": "2025-01-07T06:04:12.135Z",
    "dateUpdated": "2025-02-13T16:52:54.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-14693 (GCVE-0-2025-14693)

Vulnerability from cvelistv5 – Published: 2025-12-15 00:02 – Updated: 2026-01-28 06:49
VLAI
Title
Ugreen DH2100+ USB symlink
Summary
A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.336411 vdb-entrytechnical-description
https://vuldb.com/?ctiid.336411 signaturepermissions-required
https://vuldb.com/?submit.704646 third-party-advisory
https://vuldb.com/?submit.704657 third-party-advisory
https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1 exploit
Impacted products
Vendor Product Version
Ugreen DH2100+ Affected: 5.0
Affected: 5.1
Affected: 5.2
Affected: 5.3.0
Create a notification for this product.
Credits
rgyue (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14693",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T19:35:07.000915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T19:35:39.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "USB Handler"
          ],
          "product": "DH2100+",
          "vendor": "Ugreen",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "rgyue (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "Symlink Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Link Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T06:49:07.795Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-336411 | Ugreen DH2100+ USB symlink",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.336411"
        },
        {
          "name": "VDB-336411 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.336411"
        },
        {
          "name": "Submit #704646 | Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.704646"
        },
        {
          "name": "Submit #704657 | Ugreen Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.704657"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-14T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-14T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-01-28T07:52:33.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ugreen DH2100+ USB symlink"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14693",
    "datePublished": "2025-12-15T00:02:06.966Z",
    "dateReserved": "2025-12-14T10:48:51.666Z",
    "dateUpdated": "2026-01-28T06:49:07.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links

This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.