CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 26 of 30
- CVE-2025-3771HIGHCVSS 7.1EG 7.12025-06-26
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved …
- CVE-2025-3908MEDIUMCVSS 6.2EG 6.22025-05-19
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
- CVE-2025-41421MEDIUMCVSS 4.7EG 4.72025-10-01
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malwa…
- CVE-2025-41666HIGHCVSS 8.8EG 8.82025-07-08
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.
- CVE-2025-41667HIGHCVSS 8.8EG 8.82025-07-08
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
- CVE-2025-41668HIGHCVSS 8.8EG 8.82025-07-08
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
- CVE-2025-4211HIGHCVSS 7.3EG 7.32025-05-16
Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-3…
- CVE-2025-43220CRITICALCVSS 9.8EG 9.82025-07-30
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
- CVE-2025-43252MEDIUMCVSS 6.5EG 6.52025-07-30
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.
- CVE-2025-43257HIGHCVSS 8.7EG 8.72026-04-02
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
- CVE-2025-43288MEDIUMCVSS 5.5EG 5.52025-11-04
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to bypass Privacy preferences.
- CVE-2025-43379MEDIUMCVSS 5.5EG 5.52025-11-04
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to acce…
- CVE-2025-43381MEDIUMCVSS 5.5EG 5.52025-12-12
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.
- CVE-2025-43394MEDIUMCVSS 5.5EG 5.52025-11-04
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access protected user data.
- CVE-2025-43395LOWCVSS 3.3EG 3.32025-11-04
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access protected user data.
- CVE-2025-43446MEDIUMCVSS 5.5EG 5.52025-11-04
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to modify protected parts of the file system.
- CVE-2025-43448MEDIUMCVSS 6.3EG 6.52025-11-04
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26…
- CVE-2025-43461MEDIUMCVSS 5.5EG 5.52025-12-12
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
- CVE-2025-43490HIGHCVSS 8.4EG 8.42025-08-15
A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulner…
- CVE-2025-43726MEDIUMCVSS 6.7EG 6.72025-09-02
Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access could potentially exploit this vul…
- CVE-2025-46293MEDIUMCVSS 5.5EG 5.52026-06-11
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
- CVE-2025-46636MEDIUMCVSS 6.6EG 6.62025-12-09
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Infor…
- CVE-2025-46637HIGHCVSS 7.3EG 7.32025-12-09
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges.
- CVE-2025-47181HIGHCVSS 8.8EG 8.82025-05-22
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
- CVE-2025-48384HIGHCVSS 8.0EG 9.0⚠ KEV2025-07-08
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and…
- CVE-2025-48799HIGHCVSS 7.8EG 7.82025-07-08
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-48820HIGHCVSS 7.8EG 7.82025-07-08
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-49156HIGHCVSS 7.0EG 7.02025-06-17
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod…
- CVE-2025-49157HIGHCVSS 7.8EG 7.82025-06-17
A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-priv…
- CVE-2025-49680HIGHCVSS 7.3EG 7.32025-07-08
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
- CVE-2025-49738HIGHCVSS 7.8EG 7.82025-07-08
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-49739HIGHCVSS 8.8EG 8.82025-07-08
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-52837HIGHCVSS 7.8EG 7.82025-07-10
Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any …
- CVE-2025-52936CRITICALCVSS 9.3EG 9.32025-06-23
Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.
- CVE-2025-5296HIGHCVSS 7.3EG 7.32025-08-18
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, …
- CVE-2025-53109HIGHCVSS 7.3EG 7.32025-07-02
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directo…
- CVE-2025-53594MEDIUMCVSS 4.4EG 4.42026-01-02
A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have alread…
- CVE-2025-5474HIGHCVSS 7.3EG 7.32025-06-06
2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the…
- CVE-2025-54798LOWCVSS 2.5EG 2.52025-08-07
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
- CVE-2025-55188LOWCVSS 3.6EG 2.72025-08-08
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
- CVE-2025-55245HIGHCVSS 7.8EG 7.82025-09-09
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.
- CVE-2025-55247HIGHCVSS 7.3EG 7.32025-10-14
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
- CVE-2025-55317HIGHCVSS 7.8EG 7.82025-09-09
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
- CVE-2025-5718MEDIUMCVSS 6.8EG 6.82025-11-11
The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacke…
- CVE-2025-57749MEDIUMCVSS 6.5EG 6.52025-08-20
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly…
- CVE-2025-58373MEDIUMCVSS 5.5EG 5.52025-09-05
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to …
- CVE-2025-59241HIGHCVSS 7.8EG 7.82025-10-14
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-59281HIGHCVSS 7.8EG 7.82025-10-14
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.
- CVE-2025-59510MEDIUMCVSS 5.5EG 5.52025-11-11
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
- CVE-2025-60710HIGHCVSS 7.8EG 9.0⚠ KEV2025-11-11
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →