Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2025-67487 HIGH

static-web-server < 2.40.1 - Symbolic Link Following

CVE-2025-65843 HIGH

Aquarius Desktop 3.0.069 - Path Traversal

CVE-2025-34352 HIGH

JumpCloud Remote Assist for Windows <0.317.0 - Privilege Escalation

CVE-2025-60710 HIGH KEV

Host Process for Windows Tasks - Privilege Escalation

CVE-2025-59510 MEDIUM

Windows RRAS - Authenticated Denial of Service via Improper Link Resolution

CVE-2025-24918 MEDIUM

Intel Server Configuration Utility <16.0.12 - Privilege Escalation

CVE-2025-5718 MEDIUM

Axis OS 12.0.0-12.6.29 - Privilege Escalation via Symlink Attack in ACAP Application Framework

CVE-2025-11578 HIGH

GitHub Enterprise Server 3.14.0-3.14.19 - Authenticated Privilege Escalation via Pre-Receive Hook Symlink Escape

CVE-2025-64437 MEDIUM

KubeVirt < 1.5.3 and 1.6.1 - Symlink Attack via Launcher-Sock File

CVE-2025-12418 MEDIUM

Revenera InstallShield <2025 R1 - DoS

CVE-2025-43448 MEDIUM

iPadOS < 26.1 - Sandbox Escape via Symlink Validation Bypass

CVE-2025-43446 MEDIUM

macOS < 14.8.2, < 15.7.2, < 26.1 - Unprotected File System Modification via Symlink Validation Bypass

CVE-2025-43395 LOW

macOS < 14.8.2, < 15.7.2, < 26.1 - Unprotected User Data Exposure via Symlink Handling

CVE-2025-43394 MEDIUM

macOS < 14.8.2, < 15.7.2, < 26.1 - Unprotected User Data Exposure via Symlink Handling

CVE-2025-43379 MEDIUM

iPadOS < 26.1 - Unprotected User Data Exposure via Symlink Validation Bypass

CVE-2025-43288 MEDIUM

macOS Sequoia <15.7 - Privilege Escalation

CVE-2025-9871 HIGH

Razer Synapse < 3.10.730.71519 - Local Privilege Escalation via Chroma SDK Installer Link Following

CVE-2025-9870 HIGH

Razer Synapse < 3.10.730.71519 - Local Privilege Escalation via Philips HUE Module Installer Link Following

CVE-2025-9869 HIGH

Razer Synapse < 3.10.730.71519 - Local Privilege Escalation via Symbolic Link

CVE-2025-12341 HIGH

AntiDupl <= 2.3.12 - Link Following in Delete Duplicate Image Handler

CVE-2025-26625 HIGH

Git LFS 0.5.2-3.7.0 - Arbitrary File Write via Symbolic Link Collision

CVE-2025-59281 HIGH

XBox Gaming Services < 31.105.17001.0 - Authenticated Privilege Escalation via Improper Link Resolution

CVE-2025-59241 HIGH

Windows 11 24H2 < 10.0.26100.6899 and 25H2 < 10.0.26200.6899 - Authenticated Privilege Escalation via Link Following

CVE-2025-55247 HIGH

.NET 8.0.0-8.0.20 - Authenticated Privilege Escalation via Improper Link Resolution

CVE-2025-62363 HIGH

yt-grabber-tui <1.0-rc - Code Injection

Previous Page 7 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy