CWE Reference

CWE-64: Windows Shortcut Following (.LNK)

Official CWE-64 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.

Release 4.20weaknessIncomplete

Glexia's Take

CWE-64: Windows symbolic link following

Windows Shortcut Following (.LNK) represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

Confidentiality,Integrity: Read Files or Directories,Modify Files or Directories: The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.

Developer Pattern

CWE-64 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Confidence

high confidence from CWE-64, 4.20.

Official CWE Definition

CWE-64: Windows Shortcut Following (.LNK)

The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Type: weakness
Abstraction: Variant
Status: Incomplete
Source: MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

Missing validation
Unsafe defaults
Insufficient authorization or memory-safety invariant

Remediation

Architecture and Design: [object Object]

Detection

Code review
SAST
DAST
Focused regression tests

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

Open CWE CVE mapping

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.