CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 19 of 30
- CVE-2022-43293MEDIUMCVSS 5.9EG 5.92023-04-11
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.
- CVE-2022-44747HIGHCVSS 7.8EG 7.82022-11-07
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-45412HIGHCVSS 8.8EG 8.82022-12-22
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-b…
- CVE-2022-45440MEDIUMCVSS 4.4EG 4.42023-01-17
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vuln…
- CVE-2022-4563HIGHCVSS 7.8EG 7.82022-12-16
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is requ…
- CVE-2022-45697HIGHCVSS 7.8EG 7.82023-02-27
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.
- CVE-2022-45798HIGHCVSS 7.8EG 7.82022-12-24
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to …
- CVE-2022-46869HIGHCVSS 7.8EG 7.32023-08-31
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.
- CVE-2022-47188HIGHCVSS 7.5EG 7.52023-03-31
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the conten…
- CVE-2022-47505HIGHCVSS 7.8EG 7.82023-04-21
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
- CVE-2022-48579HIGHCVSS 7.5EG 7.52023-08-07
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
- CVE-2023-0652HIGHCVSS 7.0EG 7.02023-04-06
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and esca…
- CVE-2023-1314HIGHCVSS 7.5EG 7.52023-03-21
A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerabilit…
- CVE-2023-1412HIGHCVSS 7.0EG 7.02023-04-05
An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opport…
- CVE-2023-20004MEDIUMCVSS 4.4EG 4.42024-11-15
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper acc…
- CVE-2023-20008MEDIUMCVSS 4.4EG 7.12023-01-20
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access co…
- CVE-2023-21542HIGHCVSS 7.0EG 7.02023-01-10
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-21567MEDIUMCVSS 5.6EG 5.62023-02-14
Visual Studio Denial of Service Vulnerability
- CVE-2023-21678HIGHCVSS 7.8EG 7.82023-01-10
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2023-21722MEDIUMCVSS 5.0EG 4.42023-02-14
.NET Framework Denial of Service Vulnerability
- CVE-2023-21725MEDIUMCVSS 6.3EG 6.32023-01-10
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
- CVE-2023-21760HIGHCVSS 7.1EG 7.12023-01-10
Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2023-22490MEDIUMCVSS 5.5EG 5.52023-02-14
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even wh…
- CVE-2023-23558MEDIUMCVSS 6.3EG 6.32023-02-16
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive in…
- CVE-2023-23697MEDIUMCVSS 4.7EG 3.32023-02-13
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary fo…
- CVE-2023-24572MEDIUMCVSS 4.7EG 3.32023-02-13
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to…
- CVE-2023-24577MEDIUMCVSS 5.5EG 5.52023-03-13
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.
- CVE-2023-24904HIGHCVSS 7.1EG 7.12023-05-09
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-24930HIGHCVSS 7.8EG 7.82023-03-14
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
- CVE-2023-25145HIGHCVSS 7.8EG 7.82023-03-10
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-p…
- CVE-2023-25146HIGHCVSS 7.8EG 7.82023-03-10
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an ar…
- CVE-2023-25148HIGHCVSS 7.8EG 7.82023-03-10
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. …
- CVE-2023-25152HIGHCVSS 8.4EG 8.42023-02-08
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers t…
- CVE-2023-25168CRITICALCVSS 9.6EG 9.62023-02-09
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host syste…
- CVE-2023-25940MEDIUMCVSS 6.7EG 7.82023-04-04
Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it …
- CVE-2023-26088HIGHCVSS 7.8EG 7.82023-03-23
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
- CVE-2023-27347HIGHCVSS 7.8EG 7.82024-05-03
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability t…
- CVE-2023-27469HIGHCVSS 7.1EG 7.12023-06-30
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.
- CVE-2023-27529HIGHCVSS 7.8EG 7.82023-05-25
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the insta…
- CVE-2023-27850MEDIUMCVSS 6.8EG 6.82023-03-10
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
- CVE-2023-28065MEDIUMCVSS 6.7EG 6.72023-06-23
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading t…
- CVE-2023-28071MEDIUMCVSS 6.3EG 6.32023-06-23
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to c…
- CVE-2023-28141MEDIUMCVSS 6.7EG 6.72023-04-18
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of th…
- CVE-2023-28222HIGHCVSS 7.1EG 7.12023-04-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-28642MEDIUMCVSS 6.1EG 6.12023-03-29
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been f…
- CVE-2023-28797MEDIUMCVSS 6.3EG 6.32023-10-23
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
- CVE-2023-28868HIGHCVSS 8.1EG 8.12023-12-09
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
- CVE-2023-28869MEDIUMCVSS 6.5EG 6.52023-12-09
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
- CVE-2023-28871MEDIUMCVSS 4.3EG 4.32023-12-09
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
- CVE-2023-28872HIGHCVSS 8.8EG 8.82023-12-25
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →