BaseDraft

CWE-363Race Condition Enabling Link Following

Category: logic

Description

The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the product to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.

Common consequences· 1

  • Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories

Related CAPEC attack patterns· 1

CAPEC-26

References

  1. https://cwe.mitre.org/data/definitions/363.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternLeveraging Race Conditionscapec-26100%live

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-62161cve-2025-621610%live
VulnerabilityCVE-2025-62596cve-2025-625960%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
UNIX Hard Link
CWE
UNIX Symbolic Link (Symlink) Following
CWE
Race Condition During Access to Alternate Channel
CWE
Improper Link Resolution Before File Access ('Link Following')
CWE
Improper Resource Locking
CWE
Incorrect Synchronization
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.