
CVE-2025-59334: CWE-347: Improper Verification of Cryptographic Signature in mohammadzain2008 Linkr

Severity: Critical
Type: Vulnerability
Tags: cve, cve-2025-59334, cwe-347
Published: Tue Sep 16 2025 (09/16/2025, 16:48:34 UTC)
Source: CVE Database V5
Vendor/Project: mohammadzain2008
Product: Linkr

Description

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package distribution. An attacker can modify a generated .linkr manifest (for example by adding a new entry with a malicious URL) and when a user runs the extract command the client downloads the attacker-supplied file without verification. This enables arbitrary file injection and creates a potential path to remote code execution if a downloaded malicious binary or script is later executed. Version 2.0.1 adds a manifest integrity check that compares the checksum of the original author-created manifest to the one being extracted and aborts on mismatch, warning if no original manifest is hosted. Users should update to 2.0.1 or later. As a workaround prior to updating, use only trusted .linkr manifests, manually verify manifest integrity, and host manifests on trusted servers.

AI-Powered Analysis

Last updated: 09/16/2025, 16:54:19 UTC

Technical Analysis

CVE-2025-59334 is a critical vulnerability affecting Linkr, a lightweight file delivery system developed by mohammadzain2008. Linkr versions prior to 2.0.1 do not verify the integrity or authenticity of .linkr manifest files before processing them. These manifest files dictate which files are downloaded and extracted by the client. Due to improper verification of cryptographic signatures (CWE-347), an attacker can tamper with a .linkr manifest by injecting arbitrary file entries, such as malicious URLs pointing to attacker-controlled payloads. When a user runs the extract command, the client blindly downloads and extracts these malicious files without validation. This flaw enables arbitrary file injection and can lead to remote code execution if the malicious files are executed later. The vulnerability is exploitable remotely without authentication and requires only user interaction to trigger extraction. Linkr version 2.0.1 mitigates this by adding a manifest integrity check that compares the checksum of the original author-created manifest with the one being extracted, aborting the process on mismatch and warning if no original manifest is hosted. Until users upgrade, they must rely on trusted manifests, manual verification, and hosting manifests on trusted servers. The CVSS v3.1 score of 9.7 reflects the critical nature of this vulnerability, with network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet, but the potential for remote code execution makes this a severe threat.

Potential Impact

For European organizations, this vulnerability poses a significant risk especially to those using Linkr for file distribution or software deployment. Successful exploitation can lead to arbitrary code execution, potentially allowing attackers to install malware, steal sensitive data, or disrupt operations. This can compromise confidentiality, integrity, and availability of critical systems. Sectors such as finance, healthcare, government, and critical infrastructure that rely on secure file delivery are particularly at risk. The ability to inject malicious files remotely without authentication increases the attack surface and likelihood of exploitation. Additionally, supply chain attacks leveraging tampered manifests could propagate malware widely within organizations. The impact extends to reputational damage, regulatory non-compliance (e.g., GDPR), and financial losses due to incident response and remediation. The requirement for user interaction (extract command) means social engineering or phishing could be used to trick users into triggering the exploit, further increasing risk.

Mitigation Recommendations

1. Immediate upgrade to Linkr version 2.0.1 or later, which includes manifest integrity verification, is the most effective mitigation.
2. Until upgrading, restrict usage of Linkr manifests to those obtained from trusted sources only.
3. Implement manual verification of manifest checksums before extraction to detect tampering.
4. Host manifests exclusively on secure, trusted servers with strong access controls and monitoring to prevent unauthorized modifications.
5. Educate users about the risks of extracting files from untrusted manifests and train them to recognize suspicious files or URLs.
6. Employ network security controls such as web filtering and intrusion detection to block access to known malicious URLs.
7. Monitor Linkr usage logs for unusual manifest downloads or extraction activities.
8. Consider application whitelisting or endpoint protection solutions to prevent execution of unauthorized binaries or scripts downloaded via Linkr.
9. Integrate manifest verification into automated deployment pipelines to enforce integrity checks before file extraction.
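An added example, not code from Linkr or from the original advisory, of the checksum gate that recommendations 3 and 9 describe: a pipeline step that refuses to proceed unless the manifest matches a digest pinned out-of-band, and that fails closed when no pin exists. The choice of SHA-256, the names `gate_manifest` and `demo`, and the sample manifest bytes are assumptions made for illustration; the bytes are constructed placeholders and do not reflect the real .linkr format.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Stream the file so a large manifest is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def gate_manifest(manifest_path, pinned_sha256):
    """Return (ok, reason); ok is True only when the manifest matches the pin.

    pinned_sha256 must come from a channel the manifest's host cannot modify,
    e.g. a value committed to the pipeline's own repository (assumption).
    """
    if not pinned_sha256:
        # Fail closed: with no reference digest, nothing has been verified.
        return False, "no pinned digest available"
    pinned = pinned_sha256.strip().lower()
    if len(pinned) != 64 or any(c not in "0123456789abcdef" for c in pinned):
        return False, "pinned digest is not a SHA-256 hex string"
    path = Path(manifest_path)
    if not path.is_file():
        return False, "manifest not found"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, pinned):
        return False, f"digest mismatch: got {actual}"
    return True, "manifest matches pinned digest"

def demo():
    """Constructed sample data: placeholder bytes, not the real .linkr format."""
    original = b"entry: https://files.example.invalid/app.bin\n"
    tampered = original + b"entry: https://other.example.invalid/extra.bin\n"
    pin = hashlib.sha256(original).hexdigest()  # recorded when the author published
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "good.linkr"), Path(tmp, "bad.linkr")
        good.write_bytes(original)
        bad.write_bytes(tampered)
        return [gate_manifest(good, pin)[0],   # untouched manifest
                gate_manifest(bad, pin)[0],    # one appended entry
                gate_manifest(good, None)[0]]  # no pin supplied

if __name__ == "__main__":
    print(demo())
```

In a pipeline, run the extract step only when `gate_manifest` returns `True`, and treat every other outcome as a failed build.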


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-12T12:36:24.635Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c995a8cb0fe83b58201ab9

Added to database: 9/16/2025, 4:51:52 PM

Last enriched: 9/16/2025, 4:54:19 PM

Last updated: 9/17/2025, 7:02:06 AM
