CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2025-60710 (GCVE-0-2025-60710)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2026-04-14 03:55
VLAI
Title
Host Process for Windows Tasks Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.7462
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.7462
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.7462
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.7462
(custom)
|
Date Public
2025-11-11 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60710",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:25.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T00:00:00.000Z",
"value": "CVE-2025-60710 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-16T17:21:13.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7462",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.7462",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7462",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7462",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.7462",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.7462",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.7462",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.7462",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T20:46:20.562Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Host Process for Windows Tasks Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
}
],
"title": "Host Process for Windows Tasks Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-60710",
"datePublished": "2025-11-11T17:59:25.479Z",
"dateReserved": "2025-09-26T05:03:24.536Z",
"dateUpdated": "2026-04-14T03:55:25.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62363 (GCVE-0-2025-62363)
Vulnerability from cvelistv5 – Published: 2025-10-13 21:37 – Updated: 2025-10-14 15:16
VLAI
Title
yt-grabber-tui allows arbitrary code execution via configurable yt-dlp path
Summary
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/zheny-creator/YtGrabber-TUI/se… | x_refsource_CONFIRM |
| https://github.com/zheny-creator/YtGrabber-TUI/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zheny-creator | YtGrabber-TUI |
Affected:
< 1.0-rc
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T15:16:06.450670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:16:16.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "YtGrabber-TUI",
"vendor": "zheny-creator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0-rc"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T21:37:48.474Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zheny-creator/YtGrabber-TUI/security/advisories/GHSA-94c4-wh57-8p9c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zheny-creator/YtGrabber-TUI/security/advisories/GHSA-94c4-wh57-8p9c"
},
{
"name": "https://github.com/zheny-creator/YtGrabber-TUI/commit/7adfdb68e8bf24559d1e9d8d4668de3d82c45591",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zheny-creator/YtGrabber-TUI/commit/7adfdb68e8bf24559d1e9d8d4668de3d82c45591"
}
],
"source": {
"advisory": "GHSA-94c4-wh57-8p9c",
"discovery": "UNKNOWN"
},
"title": "yt-grabber-tui allows arbitrary code execution via configurable yt-dlp path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62363",
"datePublished": "2025-10-13T21:37:48.474Z",
"dateReserved": "2025-10-10T14:22:48.202Z",
"dateUpdated": "2025-10-14T15:16:16.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62364 (GCVE-0-2025-62364)
Vulnerability from cvelistv5 – Published: 2025-10-13 20:30 – Updated: 2025-10-14 15:09
VLAI
Title
text-generation-webui allows arbitrary file read via symbolic link upload
Summary
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the application processes the upload, it follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations, credentials, and other confidential information. This vulnerability is fixed in 3.14. No known workarounds exist.
Severity
6.2 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/oobabooga/text-generation-webu… | x_refsource_CONFIRM |
| https://github.com/oobabooga/text-generation-webu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| oobabooga | text-generation-webui |
Affected:
<= 3.13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T15:08:52.957046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:09:00.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "text-generation-webui",
"vendor": "oobabooga",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the application processes the upload, it follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations, credentials, and other confidential information. This vulnerability is fixed in 3.14. No known workarounds exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T20:30:56.391Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg"
},
{
"name": "https://github.com/oobabooga/text-generation-webui/commit/282aa1918907fceec7f903d3dc2bc8492ce8e885",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/oobabooga/text-generation-webui/commit/282aa1918907fceec7f903d3dc2bc8492ce8e885"
}
],
"source": {
"advisory": "GHSA-66rw-q8w5-c2hg",
"discovery": "UNKNOWN"
},
"title": "text-generation-webui allows arbitrary file read via symbolic link upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62364",
"datePublished": "2025-10-13T20:30:56.391Z",
"dateReserved": "2025-10-10T14:22:48.203Z",
"dateUpdated": "2025-10-14T15:09:00.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62676 (GCVE-0-2025-62676)
Vulnerability from cvelistv5 – Published: 2026-02-10 15:39 – Updated: 2026-02-26 15:04
VLAI
Summary
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
Severity
CWE
- CWE-59 - Escalation of privilege
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientWindows |
Affected:
7.4.0 , ≤ 7.4.4
(semver)
Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) cpe:2.3:a:fortinet:forticlientwindows:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:56:21.858941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:10.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientwindows:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T08:45:31.916Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-661",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-661"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiClientWindows version 8.0.0 or above\nUpgrade to FortiClientWindows version 7.4.5 or above\nUpgrade to FortiClientWindows version 7.2.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-62676",
"datePublished": "2026-02-10T15:39:12.816Z",
"dateReserved": "2025-10-20T08:07:37.651Z",
"dateUpdated": "2026-02-26T15:04:10.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64437 (GCVE-0-2025-64437)
Vulnerability from cvelistv5 – Published: 2025-11-07 23:04 – Updated: 2025-11-10 18:50
VLAI
Title
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Summary
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node to the unprivileged user with UID 107 (the same user used by virt-launcher) thus, compromising the CIA (Confidentiality, Integrity and Availability) of data on the host. To successfully exploit this vulnerability, an attacker should be in control of the file system of the virt-launcher pod. This vulnerability is fixed in 1.5.3 and 1.6.1.
Severity
5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/kubevirt/kubevirt/security/adv… | x_refsource_CONFIRM |
| https://github.com/kubevirt/kubevirt/commit/3ce9f… | x_refsource_MISC |
| https://github.com/kubevirt/kubevirt/commit/8644d… | x_refsource_MISC |
| https://github.com/kubevirt/kubevirt/commit/f59ca… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64437",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T18:49:35.550633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T18:50:16.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kubevirt",
"vendor": "kubevirt",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.3"
},
{
"status": "affected",
"version": "\u003e= 1.6.0-alpha.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node to the unprivileged user with UID 107 (the same user used by virt-launcher) thus, compromising the CIA (Confidentiality, Integrity and Availability) of data on the host. To successfully exploit this vulnerability, an attacker should be in control of the file system of the virt-launcher pod. This vulnerability is fixed in 1.5.3 and 1.6.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T23:04:10.913Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-2r4r-5x78-mvqf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-2r4r-5x78-mvqf"
},
{
"name": "https://github.com/kubevirt/kubevirt/commit/3ce9f41c54d04a65f10b23a46771391c00659afb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubevirt/kubevirt/commit/3ce9f41c54d04a65f10b23a46771391c00659afb"
},
{
"name": "https://github.com/kubevirt/kubevirt/commit/8644dbe0d04784b0bfa8395b91ecbd6001f88f6b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubevirt/kubevirt/commit/8644dbe0d04784b0bfa8395b91ecbd6001f88f6b"
},
{
"name": "https://github.com/kubevirt/kubevirt/commit/f59ca63133f25de8fceb3e2a0e5cc0b7bdb6a265",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubevirt/kubevirt/commit/f59ca63133f25de8fceb3e2a0e5cc0b7bdb6a265"
}
],
"source": {
"advisory": "GHSA-2r4r-5x78-mvqf",
"discovery": "UNKNOWN"
},
"title": "KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64437",
"datePublished": "2025-11-07T23:04:10.913Z",
"dateReserved": "2025-11-03T22:12:51.365Z",
"dateUpdated": "2025-11-10T18:50:16.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66277 (GCVE-0-2025-66277)
Vulnerability from cvelistv5 – Published: 2026-02-11 12:15 – Updated: 2026-02-26 14:44
VLAI
Title
QTS, QuTS hero
Summary
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3350 build 20251216 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h5.2.8.3350 build 20251216 and later
Severity
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QTS |
Affected:
5.2.x , < 5.2.8.3350 build 20251216
(custom)
|
|
| QNAP Systems Inc. | QuTS hero |
Affected:
h5.3.x , < h5.3.2.3354 build 20251225
(custom)
Affected: h5.2.x , < h5.2.8.3350 build 20251216 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T04:55:18.232558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:26.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.2.8.3350 build 20251216",
"status": "affected",
"version": "5.2.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.3.2.3354 build 20251225",
"status": "affected",
"version": "h5.3.x",
"versionType": "custom"
},
{
"lessThan": "h5.2.8.3350 build 20251216",
"status": "affected",
"version": "h5.2.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "coral"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.8.3350 build 20251216 and later\u003cbr\u003eQuTS hero h5.3.2.3354 build 20251225 and later\u003cbr\u003eQuTS hero h5.2.8.3350 build 20251216 and later\u003cbr\u003e"
}
],
"value": "A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3350 build 20251216 and later\nQuTS hero h5.3.2.3354 build 20251225 and later\nQuTS hero h5.2.8.3350 build 20251216 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T12:15:43.851Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-26-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.8.3350 build 20251216 and later\u003cbr\u003eQuTS hero h5.3.2.3354 build 20251225 and later\u003cbr\u003eQuTS hero h5.2.8.3350 build 20251216 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3350 build 20251216 and later\nQuTS hero h5.3.2.3354 build 20251225 and later\nQuTS hero h5.2.8.3350 build 20251216 and later"
}
],
"source": {
"advisory": "QSA-26-05",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2025-66277",
"datePublished": "2026-02-11T12:15:43.851Z",
"dateReserved": "2025-11-26T09:25:37.832Z",
"dateUpdated": "2026-02-26T14:44:26.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68146 (GCVE-0-2025-68146)
Vulnerability from cvelistv5 – Published: 2025-12-16 18:10 – Updated: 2025-12-17 18:51
VLAI
Title
filelock has TOCTOU race condition that allows symlink attacks during lock file creation
Summary
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended.
Severity
6.3 (Medium)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/tox-dev/filelock/security/advi… | x_refsource_CONFIRM |
| https://github.com/tox-dev/filelock/pull/461 | x_refsource_MISC |
| https://github.com/tox-dev/filelock/commit/4724d7… | x_refsource_MISC |
| https://github.com/tox-dev/filelock/releases/tag/3.20.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T14:51:03.763957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:51:00.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "filelock",
"vendor": "tox-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 3.20.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:10:54.599Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f"
},
{
"name": "https://github.com/tox-dev/filelock/pull/461",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tox-dev/filelock/pull/461"
},
{
"name": "https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e"
},
{
"name": "https://github.com/tox-dev/filelock/releases/tag/3.20.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tox-dev/filelock/releases/tag/3.20.1"
}
],
"source": {
"advisory": "GHSA-w853-jp5j-5j7f",
"discovery": "UNKNOWN"
},
"title": "filelock has TOCTOU race condition that allows symlink attacks during lock file creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68146",
"datePublished": "2025-12-16T18:10:54.599Z",
"dateReserved": "2025-12-15T19:06:04.108Z",
"dateUpdated": "2025-12-17T18:51:00.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68279 (GCVE-0-2025-68279)
Vulnerability from cvelistv5 – Published: 2025-12-18 22:59 – Updated: 2025-12-19 15:02
VLAI
Title
Weblate has an arbitrary file read via symbolic links
Summary
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
Severity
7.7 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/WeblateOrg/weblate/security/ad… | x_refsource_CONFIRM |
| https://github.com/WeblateOrg/weblate/pull/17331 | x_refsource_MISC |
| https://github.com/WeblateOrg/weblate/pull/17356 | x_refsource_MISC |
| https://github.com/WeblateOrg/weblate/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WeblateOrg | weblate |
Affected:
< 5.15.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:01:48.050033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:02:04.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "weblate",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 5.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T22:59:28.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7"
},
{
"name": "https://github.com/WeblateOrg/weblate/pull/17331",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/pull/17331"
},
{
"name": "https://github.com/WeblateOrg/weblate/pull/17356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/pull/17356"
},
{
"name": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1"
}
],
"source": {
"advisory": "GHSA-g925-f788-4jh7",
"discovery": "UNKNOWN"
},
"title": "Weblate has an arbitrary file read via symbolic links"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68279",
"datePublished": "2025-12-18T22:59:28.527Z",
"dateReserved": "2025-12-16T14:17:32.389Z",
"dateUpdated": "2025-12-19T15:02:04.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7012 (GCVE-0-2025-7012)
Vulnerability from cvelistv5 – Published: 2025-07-13 08:12 – Updated: 2025-07-14 20:11
VLAI
Title
Cato Networks Linux Client Local Privilege Escalation via Symlink
Summary
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | Cato Client |
Affected:
5.0 , < 5.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:44:28.338768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:11:08.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Cato Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in Cato Networks\u0027 CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling."
}
],
"value": "An issue in Cato Networks\u0027 CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T08:31:21.608Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/28552501717405-CVE-2025-7012-Linux-Client-Local-Privilege-Escalation-via-Symbolic-Link-Handling"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cato Networks Linux Client Local Privilege Escalation via Symlink",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2025-7012",
"datePublished": "2025-07-13T08:12:20.973Z",
"dateReserved": "2025-07-02T09:33:23.487Z",
"dateUpdated": "2025-07-14T20:11:08.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7073 (GCVE-0-2025-7073)
Vulnerability from cvelistv5 – Published: 2025-12-10 09:46 – Updated: 2026-03-31 11:43
VLAI
Title
Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
Summary
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Bitdefender | Total Security |
Affected:
0 , < 27.0.47.241
(custom)
|
|
| Bitdefender | Internet Security |
Affected:
0 , < 27.0.47.241
(custom)
|
|
| Bitdefender | Antivirus Plus |
Affected:
0 , < 27.0.47.241
(custom)
|
Date Public
2025-12-10 09:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T04:55:19.145047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:06.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Total Security",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "27.0.47.241",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Internet Security",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "27.0.47.241",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Antivirus Plus",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "27.0.47.241",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Filip Dragovic (@filip_dragovic)"
}
],
"datePublic": "2025-12-10T09:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u0026nbsp;allows low-privileged attackers to elevate privileges. The issue arises from \u003ccode\u003ebdservicehost.exe\u003c/code\u003e\u0026nbsp;deleting files from a user-writable directory (\u003ccode\u003eC:\\ProgramData\\Atc\\Feedback\u003c/code\u003e) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
}
],
"value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u00a0allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe\u00a0deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T11:43:59.146Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic update to product version 27.0.47.241\u0026nbsp;fixes the issue"
}
],
"value": "An automatic update to product version 27.0.47.241\u00a0fixes the issue"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2025-7073",
"datePublished": "2025-12-10T09:46:40.263Z",
"dateReserved": "2025-07-04T15:58:42.058Z",
"dateUpdated": "2026-03-31T11:43:59.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-48.1
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.