Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2025-48384 HIGH KEV

Git < 2.43.7 - Unauthenticated Arbitrary Code Execution via Submodule Path Traversal

CVE-2025-49739 HIGH

Visual Studio 2017, 2019, 2022 - Privilege Escalation via Improper Link Resolution

CVE-2025-49738 HIGH

Microsoft PC Manager < 3.17.4.0 - Privilege Escalation via Improper Link Resolution

CVE-2025-49680 HIGH

Windows Performance Recorder - Denial of Service via Improper Link Resolution

CVE-2025-48820 HIGH

Windows AppX Deployment Service - Privilege Escalation

CVE-2025-48799 HIGH

Windows Update Service - Privilege Escalation

CVE-2025-21195 MEDIUM

Azure Service Fabric - Privilege Escalation via Improper Link Resolution

CVE-2025-41668 HIGH

Service Security-Profile - Privilege Escalation

CVE-2025-41667 HIGH

PHOENIX CONTACT AXC F 1152/2152/3152, BPC 9102S, RFC 4072S < 2025.0.2 - Unauthenticated Arbitrary File Write

CVE-2025-41666 HIGH

Watchdog <version> - Privilege Escalation

CVE-2025-53109 HIGH

Model Context Protocol Servers < 0.6.4 and < 2025.7.01 - Unintended File Access via Symlink Resolution

CVE-2025-3771 HIGH

Trellix System Information Reporter < 1.0.3 - Authenticated Arbitrary File Write via Symbolic Link Manipulation

CVE-2025-52936 CRITICAL

yrutschle sslh <2.2.2 - Info Disclosure

CVE-2025-30642 MEDIUM

Trend Micro Deep Security Agent < 20.0.1 - Denial of Service via Link Following

CVE-2025-30641 HIGH

Trend Micro Deep Security Agent < 20.0.1 - Privilege Escalation via Link Following

CVE-2025-30640 HIGH

Trend Micro Deep Security Agent - Privilege Escalation via Link Following

CVE-2025-49157 HIGH

Trend Micro Apex One < 14.0.14492 and 14.0.0.12994-14.0.0.14002 - Local Privilege Escalation via Damage Cleanup Engine

CVE-2025-49156 HIGH

Trend Micro Apex One < 14.0.14492 & 14.0.0.12994-14.0.0.14002 Local Privilege Escalation

CVE-2025-0913 MEDIUM

GO < 1.23.10 - Symlink Following

CVE-2025-33075 HIGH

Windows Installer - Privilege Escalation

CVE-2025-32721 HIGH

Windows 10/11, Server 2016-2019 Privilege Escalation via Recovery Driver Link Following

CVE-2025-5474 HIGH

2BrightSparks SyncBackFree - Privilege Escalation

CVE-2025-36564 HIGH

Dell Encryption < 11.10.2 - Privilege Escalation via Improper Link Resolution

CVE-2025-31198 MEDIUM

macOS < 13.7.5, < 14.7.5, < 15.4 - Path Traversal via Symlink Validation Bypass

CVE-2025-47181 HIGH

Microsoft Edge Update < 1.3.195.61 - Authenticated Privilege Escalation via Improper Link Resolution

Previous Page 9 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy