Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-61

CWE-61

High likelihood

UNIX Symbolic Link (Symlink) Following

Parent: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

138 vulnerabilities with CWE-61

CVE-2025-62596 CRITICAL

Youki <0.5.7 - Privilege Escalation

CVE-2025-62161 CRITICAL

youki < 0.5.7 - Container Escape via Bind Mount File Mask

CVE-2025-43991 MEDIUM

SupportAssist <4.8.2-4.5.3 - Info Disclosure

CVE-2025-11489 MEDIUM

wonderwhy-er DesktopCommanderMCP < 0.2.13 - Symlink Following in isPathAllowed Function

CVE-2025-59829 MEDIUM

Claude Code <1.0.120 - Privilege Escalation

CVE-2025-53881 MEDIUM

exim <4.98.2-lp156.248.1 - Privilege Escalation

CVE-2025-59343 HIGH

tar-fs < 3.1.1, < 2.1.3, < 1.16.5 - Path Traversal via Symlink Validation Bypass

CVE-2025-59825 MEDIUM

astral-tokio-tar < 0.5.4 - Path Traversal and Arbitrary File Write via Entry::unpack_in_raw

CVE-2025-10854 HIGH

txtai - Arbitrary File Write via Symbolic Link in Tar File

CVE-2025-46810 HIGH

openSUSE Tumbleweed traefik2 <2.11.29 - Privilege Escalation

CVE-2025-57802 HIGH

Airlink Daemon 1.0.0 - Path Traversal

CVE-2025-54867 HIGH

Youki <0.5.5 - Privilege Escalation

CVE-2025-55345 HIGH

Codex CLI - Arbitrary File Overwrite via Symlink Following

CVE-2025-5468 MEDIUM

Ivanti Connect Secure <22.7R2.8, Policy Secure <22.7R1.5, ZTA Gatew...

CVE-2025-36564 HIGH

Dell Encryption < 11.10.2 - Privilege Escalation via Improper Link Resolution

CVE-2025-23394 CRITICAL

openSUSE Tumbleweed cyrus-imapd <3.8.4.2.1 - Privilege Escalation

CVE-2025-43853 MEDIUM

WebAssembly Micro Runtime < 2.2.0 - Symlink Following via WASI Preopened Directory

CVE-2025-1079 HIGH

Google Web Designer < 16.2.0.0128 - Remote Code Execution via Improper Symlink Resolution in Preview Feature

CVE-2025-30485 MEDIUM

FutureNet NXR/WXR/VXR - Info Disclosure

CVE-2025-3048 MEDIUM

AWS SAM CLI <1.134.0 - Info Disclosure

CVE-2025-3047 MEDIUM

SAM CLI <v1.133.0 - Privilege Escalation

CVE-2025-29787 HIGH

zip 1.3.0-2.3.0 - Arbitrary File Write via Symbolic Link Canonicalization

CVE-2025-24832 MEDIUM

Acronis Backup - Privilege Escalation

CVE-2025-22480 HIGH

Dell SupportAssist OS Recovery < 5.5.13.1 - Arbitrary File Deletion and Privilege Escalation

CVE-2025-24886 HIGH

pwn.college dojo - Symlink Local File Inclusion

Previous Page 3 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy