CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 21 of 30
- CVE-2023-4052MEDIUMCVSS 6.5EG 6.52023-08-01
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined wit…
- CVE-2023-4053MEDIUMCVSS 6.5EG 6.52023-08-01
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects F…
- CVE-2023-41968MEDIUMCVSS 5.5EG 5.52023-09-27
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.
- CVE-2023-41969HIGHCVSS 7.3EG 7.32024-03-26
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
- CVE-2023-41971MEDIUMCVSS 5.3EG 5.32024-05-02
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.
- CVE-2023-42099HIGHCVSS 7.8EG 7.82024-05-03
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must firs…
- CVE-2023-42125HIGHCVSS 7.8EG 7.82024-05-03
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtai…
- CVE-2023-42126HIGHCVSS 7.8EG 7.82024-05-03
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first …
- CVE-2023-42137HIGHCVSS 7.8EG 7.82024-01-15
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to …
- CVE-2023-42844HIGHCVSS 7.5EG 7.52023-10-25
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
- CVE-2023-42942HIGHCVSS 7.8EG 7.82024-02-21
This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to ga…
- CVE-2023-43078MEDIUMCVSS 6.7EG 6.72024-08-28
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
- CVE-2023-43116HIGHCVSS 7.8EG 7.82023-12-22
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-age…
- CVE-2023-43590HIGHCVSS 7.8EG 7.82023-11-15
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2023-45159HIGHCVSS 8.4EG 7.32023-10-05
1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear…
- CVE-2023-46654HIGHCVSS 8.1EG 8.12023-10-25
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure …
- CVE-2023-46655MEDIUMCVSS 6.5EG 6.52023-10-25
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configu…
- CVE-2023-47192HIGHCVSS 7.8EG 7.82024-01-23
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code …
- CVE-2023-4759HIGHCVSS 8.8EG 8.82023-09-12
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when …
- CVE-2023-50197HIGHCVSS 7.8EG 7.82024-05-03
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must firs…
- CVE-2023-50226HIGHCVSS 7.8EG 7.82024-05-03
Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability t…
- CVE-2023-51636HIGHCVSS 7.8EG 7.82024-05-22
Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privil…
- CVE-2023-51654MEDIUMCVSS 5.5EG 5.52023-12-26
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.
- CVE-2023-52090HIGHCVSS 7.8EG 7.82024-01-23
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o…
- CVE-2023-52091HIGHCVSS 7.8EG 7.82024-01-23
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged …
- CVE-2023-52092HIGHCVSS 7.8EG 7.82024-01-23
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o…
- CVE-2023-52094HIGHCVSS 7.8EG 7.82024-01-23
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: …
- CVE-2023-52138HIGHCVSS 8.2EG 8.22024-02-05
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives,…
- CVE-2023-52338HIGHCVSS 7.8EG 7.82024-01-23
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacke…
- CVE-2023-53973HIGHCVSS 8.4EG 8.42025-12-22
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to …
- CVE-2023-5834HIGHCVSS 7.8EG 3.82023-10-27
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
- CVE-2023-6069HIGHCVSS 8.8EG 9.92023-11-10
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
- CVE-2023-6335MEDIUMCVSS 6.4EG 6.42024-01-16
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
- CVE-2023-6336HIGHCVSS 7.2EG 7.22024-01-16
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
- CVE-2023-7216MEDIUMCVSS 5.3EG 8.82024-02-05
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symli…
- CVE-2024-0068MEDIUMCVSS 5.5EG 5.52024-02-29
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.
- CVE-2024-0206HIGHCVSS 7.8EG 7.12024-01-09
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the re…
- CVE-2024-10007CRITICALCVSS 9.1EG 9.12024-11-07
A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administ…
- CVE-2024-10986HIGHCVSS 8.8EG 8.82025-03-20
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, t…
- CVE-2024-11857HIGHCVSS 7.8EG 7.82025-06-02
Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by th…
- CVE-2024-12216HIGHCVSS 7.1EG 7.12025-03-20
A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization…
- CVE-2024-12390HIGHCVSS 8.8EG 8.82025-03-20
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports syml…
- CVE-2024-12552HIGHCVSS 7.8EG 7.02024-12-13
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability t…
- CVE-2024-12753HIGHCVSS 7.3EG 6.72024-12-30
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute …
- CVE-2024-12754MEDIUMCVSS 5.5EG 5.52024-12-30
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privile…
- CVE-2024-12905HIGHCVSS 7.5EG 7.52025-03-27
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can resul…
- CVE-2024-13043HIGHCVSS 7.8EG 7.82024-12-30
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to ex…
- CVE-2024-1329HIGHCVSS 7.7EG 7.72024-02-08
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1…
- CVE-2024-13759HIGHCVSS 7.8EG 7.82025-05-09
Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion
- CVE-2024-13944HIGHCVSS 7.8EG 7.82025-05-09
Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the contex…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →