Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2025-62364 MEDIUM

text-generation-webui <3.13 - Local File Inclusion

CVE-2025-9968 HIGH

Armoury Crate - Privilege Escalation

CVE-2025-11190 MEDIUM

Kiwire Captive Portal - Open Redirect

CVE-2025-11489 MEDIUM

wonderwhy-er DesktopCommanderMCP < 0.2.13 - Symlink Following in isPathAllowed Function

CVE-2025-11462 HIGH

AWS VPN Client for macOS <5.2.0 - Privilege Escalation

CVE-2025-41421 MEDIUM

TeamViewer <15.70 - Privilege Escalation

CVE-2025-34194 HIGH

Vasion Print Virtual Appliance Host < 25.1.102 & Application < 25.1.1413 - Local Privilege Escalation

CVE-2025-34191 HIGH

Vasion Print Virtual Appliance Host < 22.0.843 & Application < 20.0.1923 - Arbitrary File Write

CVE-2025-55317 HIGH

Microsoft AutoUpdate - Privilege Escalation

CVE-2025-55245 HIGH

Xbox Gaming Services < 30.104.13001.0 - Authenticated Privilege Escalation via Improper Link Resolution

CVE-2025-58373 MEDIUM

Roo Code <3.25.23 - Privilege Escalation

CVE-2025-43726 MEDIUM

Dell Alienware Command Center < 5.10.2.0 - Privilege Escalation via Improper Link Resolution

CVE-2025-57749 MEDIUM

n8n < 1.106.0 - Symlink Traversal in Read/Write File Node

CVE-2025-8612 HIGH

AOMEI Backupper Workstation - Local Privilege Escalation via Junction Link Following

CVE-2025-5296 HIGH

Link Following - Privilege Escalation

CVE-2025-8959 HIGH

HashiCorp go-getter < 1.7.9 - Unauthorized Read Access via Symlink Attack

CVE-2025-43490 HIGH

HP Hotkey Support - Privilege Escalation

CVE-2025-55188 LOW

7-Zip < 25.01 - Improper Link Resolution During Extraction

CVE-2025-54798 LOW

raszi/tmp < 0.2.4 - Arbitrary File Write via Symbolic Link

CVE-2025-36611 HIGH

Dell Encryption and Security Management Server < 11.11.0 - Privilege Escalation via Improper Link Resolution

CVE-2025-43252 MEDIUM

macOS Sequoia <15.6 - Info Disclosure

CVE-2025-43220 CRITICAL

iPadOS < 17.7.9 and macOS < 13.7.7, < 14.7.7, < 15.6 - Unprotected User Data Exposure via Symlink Validation Bypass

CVE-2025-23267 HIGH

NVIDIA Container Toolkit < 1.17.8 - Data Tampering and Denial of Service via update-ldcache Hook

CVE-2025-7012 HIGH

Cato Networks' CatoClient for Linux <5.5 - Privilege Escalation

CVE-2025-52837 HIGH

Trend Micro Password Manager < 5.8.0.1330 - Privilege Escalation via Symbolic Link Abuse

Previous Page 8 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy