CWE-59: Improper Link Resolution Before File Access ('Link Following')
Official CWE-59 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.
Glexia's Take
CWE-59: insecure temporary file
Improper Link Resolution Before File Access ('Link Following') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality,Integrity,Access Control: Read Files or Directories,Modify Files or Directories,Bypass Protection Mechanism: An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
- Other: Execute Unauthorized Code or Commands: Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.
Developer Pattern
CWE-59 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Confidence
high confidence from CWE-59, 4.20.
Official CWE Definition
CWE-59: Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- Missing validation
- Unsafe defaults
- Insufficient authorization or memory-safety invariant
Remediation
- Architecture and Design: [object Object]
Detection
- Automated Static Analysis - Binary or Bytecode: [object Object]
- Manual Static Analysis - Binary or Bytecode: [object Object]
- Dynamic Analysis with Automated Results Interpretation: [object Object]
- Dynamic Analysis with Manual Results Interpretation: [object Object]
- Manual Static Analysis - Source Code: [object Object]
- Automated Static Analysis - Source Code: [object Object]
- Architecture or Design Review: [object Object]
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1386: Insecure Operation on Windows Junction / Mount Point
- CWE-363: Race Condition Enabling Link Following
- CWE-706: Use of Incorrectly-Resolved Name or Reference
- CWE-706: Use of Incorrectly-Resolved Name or Reference
- CWE-61: UNIX Symbolic Link (Symlink) Following
- CWE-62: UNIX Hard Link
- CWE-64: Windows Shortcut Following (.LNK)
- CWE-65: Windows Hard Link
- CWE-73: External Control of File Name or Path
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.