CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 17 of 30
- CVE-2021-41379MEDIUMCVSS 5.5EG 9.0⚠ KEV2021-11-10
Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-41551MEDIUMCVSS 4.9EG 4.92022-01-18
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.
- CVE-2021-41641HIGHCVSS 8.4EG 8.42022-06-12
Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.
- CVE-2021-42056MEDIUMCVSS 6.7EG 6.72022-06-24
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitr…
- CVE-2021-42297MEDIUMCVSS 5.0EG 5.02021-11-24
Windows 10 Update Assistant Elevation of Privilege Vulnerability
- CVE-2021-4287MEDIUMCVSS 5.0EG 5.02022-12-27
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation …
- CVE-2021-43237HIGHCVSS 7.8EG 7.32021-12-15
Windows Setup Elevation of Privilege Vulnerability
- CVE-2021-43238HIGHCVSS 7.8EG 7.82021-12-15
Windows Remote Access Elevation of Privilege Vulnerability
- CVE-2021-44023HIGHCVSS 7.1EG 7.12021-12-16
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modifi…
- CVE-2021-44024HIGHCVSS 7.1EG 7.12022-01-10
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SY…
- CVE-2021-44038HIGHCVSS 7.8EG 7.82021-11-19
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation…
- CVE-2021-44052MEDIUMCVSS 6.5EG 8.12022-05-05
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file sy…
- CVE-2021-44141MEDIUMCVSS 4.3EG 4.32022-02-21
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix exten…
- CVE-2021-44730HIGHCVSS 7.8EG 7.82022-02-17
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation…
- CVE-2021-45231HIGHCVSS 7.8EG 7.82022-01-10
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitr…
- CVE-2021-45442HIGHCVSS 7.1EG 7.12022-01-10
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-202…
- CVE-2021-47949HIGHCVSS 8.8EG 8.82026-05-10
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipula…
- CVE-2022-0012MEDIUMCVSS 6.1EG 6.12022-01-12
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denia…
- CVE-2022-0017HIGHCVSS 7.0EG 7.02022-02-10
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code …
- CVE-2022-0029MEDIUMCVSS 5.5EG 5.52022-09-14
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
- CVE-2022-0799HIGHCVSS 8.8EG 8.82022-04-05
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
- CVE-2022-1256HIGHCVSS 7.8EG 7.82022-04-14
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %T…
- CVE-2022-20050MEDIUMCVSS 6.7EG 6.72022-03-10
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch…
- CVE-2022-20068MEDIUMCVSS 6.7EG 6.72022-04-11
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat…
- CVE-2022-20085MEDIUMCVSS 6.7EG 6.72022-05-03
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-20103MEDIUMCVSS 4.4EG 4.42022-05-03
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: A…
- CVE-2022-20720MEDIUMCVSS 5.5EG 7.22022-04-15
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying …
- CVE-2022-2145MEDIUMCVSS 5.8EG 7.82022-06-28
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
- CVE-2022-21770MEDIUMCVSS 6.7EG 6.72022-07-06
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0…
- CVE-2022-21838MEDIUMCVSS 5.5EG 7.82022-01-11
Windows Cleanup Manager Elevation of Privilege Vulnerability
- CVE-2022-21895HIGHCVSS 7.8EG 7.82022-01-11
Windows User Profile Service Elevation of Privilege Vulnerability
- CVE-2022-21919HIGHCVSS 7.0EG 9.0⚠ KEV2022-01-11
Windows User Profile Service Elevation of Privilege Vulnerability
- CVE-2022-21944HIGHCVSS 7.8EG 7.82022-01-26
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchma…
- CVE-2022-21997HIGHCVSS 7.1EG 7.12022-02-09
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-21999HIGHCVSS 7.8EG 9.0⚠ KEV2022-02-09
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-22262HIGHCVSS 7.7EG 7.72022-03-01
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attack…
- CVE-2022-22582MEDIUMCVSS 5.5EG 5.52023-02-27
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be…
- CVE-2022-22585HIGHCVSS 7.5EG 7.52022-03-18
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. A…
- CVE-2022-22962HIGHCVSS 7.8EG 7.82022-04-11
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root …
- CVE-2022-22995CRITICALCVSS 10.0EG 9.82022-03-25
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
- CVE-2022-23144CRITICALCVSS 9.1EG 9.12022-09-23
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
- CVE-2022-23742HIGHCVSS 7.8EG 7.82022-05-12
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting C…
- CVE-2022-24372MEDIUMCVSS 4.6EG 4.62022-04-27
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
- CVE-2022-24671HIGHCVSS 7.8EG 7.82022-02-24
A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must f…
- CVE-2022-24679HIGHCVSS 7.8EG 7.82022-02-24
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents c…
- CVE-2022-24680HIGHCVSS 7.8EG 7.82022-02-24
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents c…
- CVE-2022-24904MEDIUMCVSS 4.3EG 4.32022-05-20
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository…
- CVE-2022-25176MEDIUMCVSS 6.5EG 6.52022-02-15
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attack…
- CVE-2022-25177MEDIUMCVSS 6.5EG 6.52022-02-15
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to confi…
- CVE-2022-25179MEDIUMCVSS 6.5EG 6.52022-02-15
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to confi…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →