CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 25 of 30
- CVE-2025-15543MEDIUMCVSS 4.6EG 4.62026-01-29
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.
- CVE-2025-1683HIGHCVSS 7.8EG 7.82025-03-12
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbo…
- CVE-2025-1697HIGHCVSS 7.8EG 7.82025-04-18
A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. H…
- CVE-2025-20003HIGHCVSS 8.2EG 8.22025-05-13
Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-2102MEDIUMCVSS 5.7EG 5.72025-05-21
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
- CVE-2025-21188MEDIUMCVSS 6.0EG 6.02025-02-11
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
- CVE-2025-21195MEDIUMCVSS 6.0EG 6.02025-07-08
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
- CVE-2025-21204HIGHCVSS 7.8EG 7.82025-04-08
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
- CVE-2025-21274MEDIUMCVSS 5.5EG 5.52025-01-14
Windows Event Tracing Denial of Service Vulnerability
- CVE-2025-21322HIGHCVSS 7.8EG 7.82025-02-11
Microsoft PC Manager Elevation of Privilege Vulnerability
- CVE-2025-21331HIGHCVSS 7.3EG 7.32025-01-14
Windows Installer Elevation of Privilege Vulnerability
- CVE-2025-21347MEDIUMCVSS 6.0EG 6.02025-02-11
Windows Deployment Services Denial of Service Vulnerability
- CVE-2025-21373HIGHCVSS 7.8EG 7.82025-02-11
Windows Installer Elevation of Privilege Vulnerability
- CVE-2025-21391HIGHCVSS 7.1EG 9.0⚠ KEV2025-02-11
Windows Storage Elevation of Privilege Vulnerability
- CVE-2025-21419HIGHCVSS 7.1EG 7.12025-02-11
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
- CVE-2025-21420HIGHCVSS 7.8EG 7.82025-02-11
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
- CVE-2025-22247MEDIUMCVSS 6.1EG 6.12025-05-12
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
- CVE-2025-22480HIGHCVSS 7.0EG 7.02025-02-13
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevat…
- CVE-2025-23010HIGHCVSS 7.2EG 6.52025-04-10
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.
- CVE-2025-23267HIGHCVSS 8.5EG 8.52025-07-17
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might l…
- CVE-2025-24103MEDIUMCVSS 5.5EG 5.52025-01-27
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access protected user data.
- CVE-2025-24104MEDIUMCVSS 5.5EG 5.52025-01-27
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.
- CVE-2025-24136MEDIUMCVSS 4.4EG 4.42025-01-27
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk.
- CVE-2025-24242MEDIUMCVSS 4.4EG 9.82025-03-31
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
- CVE-2025-24278MEDIUMCVSS 5.5EG 9.82025-03-31
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.
- CVE-2025-24918MEDIUMCVSS 6.7EG 6.72025-11-11
Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow …
- CVE-2025-25008HIGHCVSS 7.1EG 7.12025-03-11
Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.
- CVE-2025-25185HIGHCVSS 7.5EG 7.52025-03-03
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then pack…
- CVE-2025-26625HIGHCVSS 8.6EG 8.62025-10-17
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outsi…
- CVE-2025-27727HIGHCVSS 7.8EG 7.82025-04-08
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2025-27850HIGHCVSS 7.5EG 7.52026-05-13
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to …
- CVE-2025-29795HIGHCVSS 7.8EG 7.82025-03-23
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
- CVE-2025-29837MEDIUMCVSS 5.5EG 5.52025-05-13
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
- CVE-2025-29975HIGHCVSS 7.8EG 7.82025-05-13
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-29983MEDIUMCVSS 6.7EG 6.72025-04-15
Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to E…
- CVE-2025-30371LOWCVSS 2.1EG 2.12025-03-28
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase insta…
- CVE-2025-30457CRITICALCVSS 9.8EG 9.82025-03-31
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to create symlinks to protected regions of the disk.
- CVE-2025-30640HIGHCVSS 7.8EG 7.82025-06-17
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code…
- CVE-2025-30641HIGHCVSS 7.8EG 7.82025-06-17
A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the a…
- CVE-2025-30642MEDIUMCVSS 5.5EG 5.52025-06-17
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to exec…
- CVE-2025-31198MEDIUMCVSS 5.5EG 5.52025-05-29
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A path handling issue was addressed with improved validation.
- CVE-2025-3224HIGHCVSS 7.8EG 7.82025-04-28
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subd…
- CVE-2025-32721HIGHCVSS 7.3EG 7.32025-06-10
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-32817MEDIUMCVSS 6.1EG 7.32025-04-16
A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
- CVE-2025-33075HIGHCVSS 7.8EG 7.82025-06-10
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2025-34191HIGHCVSS 8.4EG 8.42025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When t…
- CVE-2025-34194HIGHCVSS 8.5EG 7.82025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstal…
- CVE-2025-34352HIGHCVSS 8.5EG 8.52025-12-02
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs …
- CVE-2025-36564HIGHCVSS 7.8EG 7.82025-06-03
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
- CVE-2025-36611HIGHCVSS 7.3EG 7.32025-07-30
Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, l…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →