Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54798 1Raszi 1Tmp Nov 3, 2025 Aug 7, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
CVE-2025-36611 1Dell 2Encryption Security Management Server Jan 14, 2026 Jul 30, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit th...Show more Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.Show less
CVE-2025-43252 1Apple 1Macos Nov 3, 2025 Jul 30, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.
CVE-2025-43220 1Apple 2Ipados Macos Nov 3, 2025 Jul 30, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
CVE-2025-23267 - - Nov 4, 2025 Jul 17, 2025 N/A· v4 8.5 HIGH· v3 N/A· v2 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vu...Show more NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.Show less
CVE-2025-7012 - - Jul 15, 2025 Jul 13, 2025 8.6 HIGH· v4 N/A· v3 N/A· v2 An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
CVE-2025-52837 1Trendmicro 1Password Manager Oct 3, 2025 Jul 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other met...Show more Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation.Show less
CVE-2025-48384 3Apple DebianGit Scm 3Debian Linux GitXcode Nov 6, 2025 Jul 8, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing...Show more Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.Show less
CVE-2025-49739 1Microsoft 4Visual Studio Visual Studio 2017Visual Studio 2019+1 more Jul 16, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-49738 1Microsoft 1Pc Manager Jul 23, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49680 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 15, 2025 Jul 8, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
CVE-2025-48820 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 15, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48799 1Microsoft 8Windows 10 1607 Windows 10 1809Windows 10 21h2+5 more Sep 26, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
CVE-2025-21195 1Microsoft 1Azure Service Fabric Jul 22, 2025 Jul 8, 2025 N/A· v4 6.0 MEDIUM· v3 N/A· v2 Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
CVE-2025-41668 - - Jul 8, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
CVE-2025-41667 - - Jul 8, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
CVE-2025-41666 - - Jul 8, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.
CVE-2025-53109 - - Jul 3, 2025 Jul 2, 2025 7.3 HIGH· v4 N/A· v3 N/A· v2 Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks wit...Show more Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.Show less
CVE-2025-3771 1Trellix 1System Information Reporter Feb 11, 2026 Jun 26, 2025 7.2 HIGH· v4 7.1 HIGH· v3 N/A· v2 A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash....Show more A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to accesShow less
CVE-2025-52936 - - Nov 3, 2025 Jun 23, 2025 9.3 CRITICAL· v4 N/A· v3 N/A· v2 Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

Previous 1...91011...75 Next