Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0413 1Parallels 2Parallels Remote Application Server Aug 15, 2025 Feb 5, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An atta...Show more Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.Show less
CVE-2025-0146 1Zoom 5Meeting Software Development Kit RoomsRooms Controller+2 more Aug 1, 2025 Jan 30, 2025 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
CVE-2025-24136 1Apple 1Macos Apr 2, 2026 Jan 27, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of...Show more This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk.Show less
CVE-2025-24104 1Apple 2Ipados Iphone Os Apr 2, 2026 Jan 27, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.
CVE-2025-24103 1Apple 1Macos Apr 2, 2026 Jan 27, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access protected user data.
CVE-2025-0377 1Hashicorp 1Go Slug Dec 15, 2025 Jan 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
CVE-2024-57728 1Simple Help 1Simplehelp Apr 24, 2026 Jan 15, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary co...Show more SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.Show less
CVE-2025-21331 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 21, 2025 Jan 14, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21274 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Jan 27, 2025 Jan 14, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Event Tracing Denial of Service Vulnerability
CVE-2024-52050 1Trendmicro 1Apex One Aug 25, 2025 Dec 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut...Show more A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2024-13043 1Watchguard 1Panda Dome Jan 3, 2025 Dec 30, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtai...Show more Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478.Show less
CVE-2024-12753 1Foxit 2Pdf Editor Pdf Reader Aug 8, 2025 Dec 30, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the...Show more Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408.Show less
CVE-2024-12754 1Anydesk 1Anydesk Aug 14, 2025 Dec 30, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to...Show more AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.Show less
CVE-2024-52535 1Dell 2Supportassist For Business Pcs Supportassist For Home Pcs Jan 29, 2025 Dec 25, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A l...Show more Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.Show less
CVE-2024-44211 1Apple 1Macos Nov 3, 2025 Dec 20, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2024-47480 1Dell 1Inventory Collector Feb 4, 2025 Dec 18, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially res...Show more Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.Show less
CVE-2024-52542 1Dell 1Appsync Feb 4, 2025 Dec 17, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
CVE-2024-56074 - - Dec 16, 2024 Dec 15, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.
CVE-2024-12552 1Wacom 1Center Aug 14, 2025 Dec 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first o...Show more Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.Show less
CVE-2024-49107 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 8, 2025 Dec 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 WmsRepair Service Elevation of Privilege Vulnerability

Previous 1...131415...75 Next