Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-363 (允许符号链接跟随的竞争条件) — Vulnerability Class 5

5 vulnerabilities classified as CWE-363 (允许符号链接跟随的竞争条件). AI Chinese analysis included.

CWE-363 represents a critical logic flaw where software validates a file’s integrity or existence before accessing it, creating a vulnerable window for attackers to substitute the target with a symbolic link. This race condition exploits the temporal gap between the initial check and the subsequent use, allowing malicious actors to redirect the application to unintended resources, such as sensitive system files or configuration data. Developers typically mitigate this risk by employing atomic operations that combine verification and access into a single, indivisible step, thereby eliminating the exploitable interval. Alternatively, using secure file descriptors or locking mechanisms ensures that the resource remains consistent throughout the operation, preventing unauthorized redirection and maintaining the intended security posture against such temporal manipulation attacks.

MITRE CWE Description
The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the product to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.
Common Consequences (1)
Confidentiality, IntegrityRead Files or Directories, Modify Files or Directories
Examples (1)
This code prints the contents of a file if a user has permission.
function readFile($filename){ $user = getCurrentUser(); //resolve file if its a symbolic link if(is_link($filename)){ $filename = readlink($filename); } if(fileowner($filename) == $user){ echo file_get_contents($realFile); return; } else{ echo 'Access denied'; return false; } }
Bad · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-13492 HP Image Assistant - Potential Escalation of Privilege — HP Image Assistant 7.0AIHighAI2025-12-03
CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions — youki 8.4 -2025-11-05
CVE-2024-45310 runc can be confused to create empty files/directories on the host — runc 3.6 Low2024-09-03
CVE-2022-21658 Race condition in std::fs::remove_dir_all in rustlang — rust 7.3 High2022-01-20
CVE-2018-6693 Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability — Endpoint Security for Linux Threat Prevention (ENSLTP) 6.3 -2018-09-18

Vulnerabilities classified as CWE-363 (允许符号链接跟随的竞争条件) represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.