UNIX Symbolic Link (Symlink) Following

CVE-2025-23394

High

9.8/10

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

Advisory Timeline

Published May 26, 2025

UNIX Symbolic Link (Symlink) Following

CVE-2025-23394

Summary

CWE-61 - UNIX Symbolic Link (Symlink) Following

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS