CWE-59

Improper Link Resolution Before File Access

204 CVEs | Avg CVSS 6.8 | MITRE
4 CRITICAL | 105 HIGH | 84 MEDIUM | 9 LOW | 28 POC | 5 KEV


CVE-2026-9804 HIGH This Week

Arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensitive files from the exporter pod via symlink-based path traversal in the VMExport directory endpoint. The flaw, reported by Red Hat and impacting Red Hat OpenShift Virtualization 4, carries a CVSS 7.7 score driven by scope change and high confidentiality impact, though no public exploit has been identified at time of analysis.

Information Disclosure Path Traversal
NVD
CVSS 3.1: 7.7 | EPSS: 0.0%
CVE-2026-44711 HIGH PATCH This Week

Symlink-based authentication bypass and file corruption in pam_usb before 0.8.7 lets a local, low-privileged user defeat USB hardware authentication and overwrite root-owned files. By planting symlinks in the pad directory or on individual pad files, an attacker abuses CWE-59 link-following during the one-time-pad rotation that pam_usb performs on login, redirecting privileged file operations. No public exploit code has been identified at time of analysis, the issue is not listed in CISA KEV, and no EPSS score is available; exploitation requires local access plus a triggering authentication event.

Authentication Bypass
NVD GitHub
CVSS 3.1: 7.9 | EPSS: 0.0%
CVE-2026-48921 HIGH This Week

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 797.v90ea_a_9b_e45a_0 and earlier), where the plugin fails to prohibit symbolic links inside shared libraries. An attacker who can control the contents of a shared library consumed by a Pipeline job can plant symlinks that resolve to sensitive files (credentials, secrets, configuration) on the controller filesystem and exfiltrate them through the build. There is no public exploit identified at time of analysis, and SSVC marks exploitation status as none, so this is a patch-and-move-on issue rather than an active-exploitation emergency.

Information Disclosure Jenkins
NVD VulDB
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2026-42496 CRITICAL PATCH Act Now

Symlink-based path traversal in the Perl module Archive::Tar before version 3.08 allows a malicious tar archive to write or point files outside the intended extraction directory. When an application extracts an attacker-supplied archive, symlink entries whose targets are absolute paths or contain '..' traversal sequences are followed without validation, letting an attacker place links that resolve to arbitrary filesystem locations. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the issue is rated CVSS 9.1 because Archive::Tar is widely embedded in automated server-side processing of untrusted archives.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-42497 HIGH PATCH This Week

Arbitrary file modification in the Perl Archive::Tar module before version 3.08 allows a malicious tar archive to create hardlinks pointing outside the extraction directory. Any application or service that extracts attacker-supplied tarballs is affected: because extraction chmods the shared inode of a hardlink, an attacker can alter permissions of sensitive files outside the intended target path. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; it is not listed in CISA KEV.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2025-71212 HIGH PATCH This Week

Local privilege escalation in the Trend Micro Apex One scan engine allows low-privileged users on Windows endpoints to gain elevated privileges by abusing a link-following weakness (CWE-59) in the scanner's file-handling logic. The flaw affects on-premise Apex One 2019 builds prior to 14.0.0.14136 and the SaaS edition prior to 14.0.20315, with a patch available from Trend Micro; no public exploit has been identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation Trend Micro
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%
CVE-2026-44051 HIGH PATCH This Week

Arbitrary file read in Netatalk 3.0.2 through 4.4.2 allows authenticated remote attackers to create attacker-controlled symbolic links that the AFP server follows, exposing sensitive files outside the intended share. The flaw is fixed in version 4.4.3, and no public exploit has been identified at time of analysis. Securin reported the issue and the vendor has published an advisory at netatalk.io.

Information Disclosure Suse
NVD VulDB
CVSS 3.1: 8.1 | EPSS: 0.0%
CVE-2026-42834 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Admin Center (Azure Portal edition) allows an authenticated low-privileged attacker to gain higher privileges by abusing symbolic link resolution before file access. The flaw, reported by Microsoft itself, carries a CVSS 7.8 with no public exploit identified at time of analysis, and a vendor patch is available via the Microsoft Security Response Center advisory.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1: 7.8 | EPSS: 0.0%
CVE-2026-41091 HIGH POC KEV PATCH THREAT NEWS Exploited Act Now

Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1: 7.8 | EPSS: 12.1% | Threat: 4.9
CVE-2026-34883 MEDIUM This Month

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

Privilege Escalation Microsoft Dell
NVD
CVSS 3.1: 5.3 | EPSS: 0.0%