CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 24 of 30
- CVE-2024-6233HIGHCVSS 7.8EG 7.82024-11-22
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attack…
- CVE-2024-6260HIGHCVSS 7.8EG 7.02024-11-22
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the abi…
- CVE-2024-6868CRITICALCVSS 9.8EG 8.12024-10-29
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted…
- CVE-2024-7227HIGHCVSS 7.8EG 7.82024-11-22
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ab…
- CVE-2024-7228MEDIUMCVSS 5.5EG 6.12024-11-22
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the abi…
- CVE-2024-7229HIGHCVSS 7.8EG 7.82024-11-22
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability t…
- CVE-2024-7230HIGHCVSS 7.8EG 7.82024-11-22
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability t…
- CVE-2024-7231HIGHCVSS 7.8EG 7.82024-11-22
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability t…
- CVE-2024-7232HIGHCVSS 7.8EG 7.82024-11-22
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ab…
- CVE-2024-7233HIGHCVSS 7.8EG 7.82024-11-22
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ab…
- CVE-2024-7234HIGHCVSS 7.8EG 7.82024-11-22
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability …
- CVE-2024-7235MEDIUMCVSS 5.5EG 6.12024-11-22
AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability…
- CVE-2024-7236MEDIUMCVSS 5.5EG 5.32024-11-22
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first ob…
- CVE-2024-7237HIGHCVSS 7.8EG 7.82024-11-22
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability …
- CVE-2024-7238HIGHCVSS 7.8EG 7.82024-11-22
VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain t…
- CVE-2024-7239HIGHCVSS 7.8EG 7.82024-11-22
VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the abili…
- CVE-2024-7240HIGHCVSS 7.8EG 7.32024-11-22
F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is requi…
- CVE-2024-7241HIGHCVSS 7.8EG 7.82024-11-22
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to ex…
- CVE-2024-7242HIGHCVSS 7.8EG 7.82024-11-22
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to ex…
- CVE-2024-7243HIGHCVSS 7.8EG 7.82024-11-22
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to ex…
- CVE-2024-7249HIGHCVSS 7.8EG 7.82024-07-29
Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute lo…
- CVE-2024-7250HIGHCVSS 7.8EG 7.82024-07-29
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must fir…
- CVE-2024-7251HIGHCVSS 7.8EG 7.82024-07-29
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must fir…
- CVE-2024-7252HIGHCVSS 7.8EG 7.82024-07-29
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must fir…
- CVE-2024-8404HIGHCVSS 7.8EG 7.82024-09-26
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting…
- CVE-2024-9341MEDIUMCVSS 5.4EG 5.42024-10-01
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic li…
- CVE-2024-9524HIGHCVSS 7.8EG 7.82025-05-09
Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the conte…
- CVE-2024-9766HIGHCVSS 7.8EG 7.82024-11-22
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability t…
- CVE-2025-0146LOWCVSS 3.9EG 3.92025-01-30
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
- CVE-2025-0377HIGHCVSS 7.5EG 7.52025-01-21
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
- CVE-2025-0413HIGHCVSS 7.8EG 7.82025-02-05
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obt…
- CVE-2025-0913MEDIUMCVSS 5.5EG 5.52025-06-11
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target…
- CVE-2025-1079HIGHCVSS 7.8EG 7.82025-05-12
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
- CVE-2025-11190MEDIUMCVSS 5.4EG 5.42025-10-10
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
- CVE-2025-11462HIGHCVSS 7.8EG 7.82025-10-07
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rota…
- CVE-2025-11489MEDIUMCVSS 4.5EG 4.52025-10-08
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack…
- CVE-2025-11578HIGHCVSS 7.2EG 7.22025-11-10
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By cra…
- CVE-2025-12341HIGHCVSS 7.8EG 7.82025-10-28
A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack …
- CVE-2025-12418MEDIUMCVSS 5.6EG 5.62025-11-07
Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user wri…
- CVE-2025-12838HIGHCVSS 7.3EG 7.32025-12-23
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to exec…
- CVE-2025-13154MEDIUMCVSS 5.5EG 5.52026-01-14
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
- CVE-2025-14693MEDIUMCVSS 6.2EG 6.62025-12-15
A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The expl…
- CVE-2025-15310HIGHCVSS 7.8EG 7.82026-02-10
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
- CVE-2025-15313MEDIUMCVSS 5.5EG 5.52026-02-10
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
- CVE-2025-15314MEDIUMCVSS 5.5EG 5.52026-02-10
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
- CVE-2025-15318MEDIUMCVSS 5.5EG 5.52026-02-09
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
- CVE-2025-15319HIGHCVSS 7.8EG 7.82026-02-09
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
- CVE-2025-15324MEDIUMCVSS 6.6EG 6.62026-02-05
Tanium addressed a documentation issue in Engage.
- CVE-2025-15328MEDIUMCVSS 5.0EG 5.02026-02-05
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
- CVE-2025-15541MEDIUMCVSS 6.3EG 6.32026-01-29
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →