Reddit NetSec

AlienVault OTX General

CVE Database V5

Exploit-DB RSS Feed

Reddit InfoSec News

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

CVE-2025-54867 is a high-severity vulnerability affecting the Youki container runtime, a Rust-based container runtime implementation. The vulnerability arises from improper handling of symbolic links (symlinks) within the container's root filesystem, specifically concerning the /proc and /sys directories. Prior to version 0.5.5, if these directories inside the container's root filesystem are symlinks rather than actual mount points, an attacker could exploit this behavior to escape the container sandbox and gain unauthorized access to the host's root filesystem. This is a classic example of CWE-61 (Improper Restriction of Symbolic Link), where following symlinks without adequate validation leads to privilege escalation and container breakout. The vulnerability requires local access with low privileges (PR:L) and has a high attack complexity (AC:H), meaning exploitation is not trivial but feasible under certain conditions. No user interaction is needed (UI:N), and the scope is unchanged (S:U), indicating the impact is confined to the vulnerable component. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), as an attacker could read, modify, or disrupt host system files by escaping the container. The issue was patched in Youki version 0.5.5 by presumably adding proper validation or disallowing symlink traversal for these critical directories. No known exploits are currently reported in the wild, but the vulnerability's nature makes it a significant risk for containerized environments using affected Youki versions. Given Youki's role as a container runtime, this vulnerability could be leveraged to compromise container isolation, leading to host system compromise.

Detailed information about CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki affecting youki-dev youki. Get real-time updates, t

CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54867: CWE-61: UNIX Symbolic Link (Symlink) Following in youki-dev youki

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.

CVE-2025-55345 is a high-severity vulnerability classified under CWE-61, which pertains to UNIX Symbolic Link (Symlink) Following. This vulnerability affects the Codex CLI tool when it is used in workspace-write mode within a malicious context such as a compromised repository or directory. The core issue arises because the tool follows symbolic links that point outside the intended current working directory. This behavior can be exploited by an attacker who controls or can influence the workspace content to create malicious symlinks. When Codex CLI processes these symlinks, it may overwrite arbitrary files on the filesystem outside the allowed directory boundaries. This arbitrary file overwrite can lead to remote code execution (RCE) if critical system or application files are replaced or modified. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high level of severity. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R), such as running the tool in a malicious workspace. The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on August 13, 2025, and assigned by JFROG. The fundamental risk is that by following symlinks outside the intended directory, Codex CLI unintentionally allows attackers to manipulate files beyond the workspace, potentially compromising the host system or environment where it runs.

Detailed information about CVE-2025-55345: CWE-61 UNIX Symbolic Link (Symlink) Following. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-55345: CWE-61 UNIX Symbolic Link (Symlink) Following - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-55345: CWE-61 UNIX Symbolic Link (Symlink) Following

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

CVE-2025-5468 is a medium-severity vulnerability affecting multiple Ivanti products, including Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access. The root cause is improper handling of UNIX symbolic links (CWE-61) in versions prior to the fixed releases (22.7R2.8 or 22.8R2 for Connect Secure, 22.7R1.5 for Policy Secure, 22.8R2.3-723 for ZTA Gateway, and 22.8R1.4 for Neurons for Secure Access). This flaw allows a local authenticated attacker to exploit symbolic link dereferencing to read arbitrary files on the disk. The vulnerability does not require user interaction but does require local authentication with low privileges. The CVSS v3.1 score is 5.5, reflecting a medium severity primarily due to the high confidentiality impact (arbitrary file read) but no impact on integrity or availability. The vulnerability arises because the affected software fails to properly validate or restrict symbolic link targets, enabling attackers to bypass intended file access controls and access sensitive files. Although no known exploits are currently reported in the wild, the vulnerability poses a risk especially in environments where local user accounts are shared or where attackers can gain low-level authenticated access. The fix was deployed on August 2, 2025, and upgrading to the patched versions is critical to mitigate this risk.

Detailed information about CVE-2025-5468: CWE-61: UNIX Symbolic Link in Ivanti Connect Secure affecting Ivanti Connect Secure. Get real-time updates, technical 

CVE-2025-5468: CWE-61: UNIX Symbolic Link in Ivanti Connect Secure - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5468: CWE-61: UNIX Symbolic Link in Ivanti Connect Secure

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default).  It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue.

CVE-2024-42367 is a medium-severity vulnerability affecting the aiohttp library, a popular asynchronous HTTP client/server framework used in Python applications. The issue exists in versions on the 3.10 branch prior to 3.10.2. aiohttp supports serving static files, including compressed variants with extensions such as .gz or .br. Normally, aiohttp protects against path traversal attacks by resolving requested URLs to absolute paths and ensuring they remain within the designated root directory when serving static routes, especially when the follow_symlinks option is set to false (the default). However, this protection does not extend to compressed file variants. When aiohttp attempts to serve these compressed variants, it uses the FileResponse class, which performs Path.stat() and Path.open() operations that automatically follow symbolic links without verifying if the resolved path escapes the root directory. This flaw allows an attacker to craft requests that exploit symbolic links pointing outside the intended root directory, potentially accessing unauthorized files on the server. The vulnerability is classified under CWE-61 (Improper Restriction of Symbolic Links in a File System). The issue was patched in aiohttp version 3.10.2. The CVSS v3.1 base score is 4.8 (medium), reflecting network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality and integrity impact without availability impact. No known exploits are reported in the wild as of the publication date.

Detailed information about CVE-2024-42367: CWE-61: UNIX Symbolic Link (Symlink) Following in aio-libs aiohttp affecting aio-libs aiohttp. Get real-time updates,

CVE-2024-42367: CWE-61: UNIX Symbolic Link (Symlink) Following in aio-libs aiohttp - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-42367: CWE-61: UNIX Symbolic Link (Symlink) Following in aio-libs aiohttp

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

CVE-2025-36564 is a high-severity vulnerability identified in Dell Encryption Admin Utilities versions prior to 11.10.2. The vulnerability is classified under CWE-61, which pertains to improper handling of symbolic links (symlinks) in UNIX-like systems. Specifically, this flaw involves improper link resolution, where the software fails to securely handle symbolic links during its operations. A local malicious user with limited privileges can exploit this vulnerability by creating or manipulating symbolic links to trick the utility into performing unauthorized actions on files or directories. This can lead to privilege escalation, allowing the attacker to gain higher-level permissions than originally granted. The CVSS v3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with an attack vector requiring local access but low complexity and no user interaction. The vulnerability does not require user interaction but does require the attacker to have some level of local access (low privileges). The scope is unchanged, meaning the impact is confined to the vulnerable component and its privileges. Although no known exploits are currently reported in the wild, the nature of the vulnerability makes it a critical concern for environments where local user access is possible. The lack of a patch link suggests that remediation may require updating to version 11.10.2 or later once available or applying vendor-provided mitigations.

Detailed information about CVE-2025-36564: CWE-61: UNIX Symbolic Link (Symlink) Following in Dell Encryption Admin Utilities affecting Dell Encryption Admin Uti

CVE-2025-36564: CWE-61: UNIX Symbolic Link (Symlink) Following in Dell Encryption Admin Utilities - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-36564: CWE-61: UNIX Symbolic Link (Symlink) Following in Dell Encryption Admin Utilities

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed  cyrus-imapd before 3.8.4-2.1.

CVE-2025-23394 is a critical vulnerability identified in the cyrus-imapd component of the openSUSE Tumbleweed distribution. The vulnerability is classified under CWE-61, which pertains to unsafe symbolic link (symlink) following. Specifically, this flaw allows an attacker to exploit the way the cyrus-imapd service handles UNIX symbolic links, enabling privilege escalation from the cyrus user context to root. The vulnerability affects versions of cyrus-imapd prior to 3.8.4-2.1 on openSUSE Tumbleweed. The CVSS v3.1 base score is 9.8, indicating a critical severity level, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N) and no user interaction (UI:N). The scope is unchanged (S:U), and the impact is high on confidentiality, integrity, and availability (C:H/I:H/A:H). This means an unauthenticated remote attacker can exploit this vulnerability to gain full root privileges on the affected system, potentially leading to complete system compromise. The vulnerability arises from improper handling of symbolic links, which can be manipulated to redirect file operations to unintended locations, thereby allowing unauthorized access or modification of critical files or execution of arbitrary code with elevated privileges. No known exploits are currently reported in the wild, and no official patches or mitigation links were provided at the time of publication. However, given the critical nature and ease of exploitation, this vulnerability represents a significant risk to systems running vulnerable versions of cyrus-imapd on openSUSE Tumbleweed.

Detailed information about CVE-2025-23394: CWE-61: UNIX Symbolic Link (Symlink) Following in SUSE openSUSE Tumbleweed affecting SUSE openSUSE Tumbleweed. Get re

CVE-2025-23394: CWE-61: UNIX Symbolic Link (Symlink) Following in SUSE openSUSE Tumbleweed - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-23394: CWE-61: UNIX Symbolic Link (Symlink) Following in SUSE openSUSE Tumbleweed

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature

CVE-2025-1079 is a high-severity vulnerability affecting Google Web Designer, specifically its preview feature on macOS and Linux platforms. The root cause is improper symbolic link resolution, classified under CWE-61 (Improper Restriction of Symbolic Links in a File System). This flaw allows an attacker to craft malicious symbolic links that, when processed by the preview feature, can lead to client-side remote code execution (RCE). The vulnerability requires local access (AV:L) but no privileges (PR:N) and only limited user interaction (UI:R) to trigger. Successful exploitation can compromise confidentiality, integrity, and availability of the affected system, as the attacker can execute arbitrary code with the privileges of the user running Google Web Designer. The CVSS v3.1 score of 7.8 reflects the high impact and relatively low attack complexity. No known exploits are currently in the wild, and no patches have been published yet. The vulnerability primarily affects the preview functionality, which is used by designers to test their work locally, making it a targeted attack vector for users of this software on macOS and Linux. Given the nature of symbolic link exploitation, attackers could potentially escalate local access or trick users into opening malicious projects, leading to compromise.

Detailed information about CVE-2025-1079: CWE-61 in Google Web Designer affecting Google Web Designer. Get real-time updates, technical details, and mitigation 

CVE-2025-1079: CWE-61 in Google Web Designer - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-1079: CWE-61 in Google Web Designer

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. If the symlink points to an existing host file, it's also possible to open it and read its content. Version 2.3.0 fixes the issue.

CVE-2025-43853 is a high-severity vulnerability affecting the WebAssembly Micro Runtime (WAMR), specifically its iwasm package, which is an executable binary built with WAMR VMcore supporting the WebAssembly System Interface (WASI) and command line interface. The vulnerability exists in versions of WAMR up to and including 2.2.0, as well as WAMR built with libc-uvwasi on Windows platforms. It is a symbolic link (symlink) following vulnerability categorized under CWE-61. The issue arises when WAMR running on Windows allows the creation of symlinks that point outside of the preopened directory sandbox. If an attacker creates such a symlink and opens it with the create flag, WAMR will create or open files on the host system outside the intended sandbox boundaries. This can lead to unauthorized file creation or reading of existing host files, effectively breaking the sandbox isolation that WebAssembly environments rely on for security. The vulnerability does not require authentication or user interaction and can be exploited locally by an attacker with the ability to run or influence WebAssembly modules executed by WAMR on Windows. The vulnerability was fixed in version 2.3.0 of WAMR. The CVSS 4.0 score is 7.0 (high), reflecting the local attack vector, low attack complexity, no privileges or user interaction required, but with high confidentiality impact and limited integrity and availability impacts. No known exploits in the wild have been reported yet.

Detailed information about CVE-2025-43853: CWE-61: UNIX Symbolic Link (Symlink) Following in bytecodealliance wasm-micro-runtime affecting bytecodealliance wasm

CVE-2025-43853: CWE-61: UNIX Symbolic Link (Symlink) Following in bytecodealliance wasm-micro-runtime - Live Threat Intelligence - Threat Radar | OffSeq.com

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-61'

Filter Threats

Threats Tagged 'cwe-61'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility