CWE-641 (Improper Restriction of Names for Files and Other Resources) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2019-25623 | 2026-03-23 | Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create … |
| CVE-2026-25177 | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-47953 | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47173 | 2025-06-10 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2024-47260 | 2025-03-04 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting… |
| CVE-2025-21402 | 2025-01-14 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| CVE-2025-21361 | 2025-01-14 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-45312 | 2024-09-02 | Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary lang… |
| CVE-2024-30063 | 2024-06-11 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2023-0046 | 2023-01-04 | Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. |
| CVE-2022-23536 | 2022-12-19 | Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read lo… |
| CVE-2022-36302 | 2022-08-01 | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. |
| CVE-2021-41146 | 2021-10-21 | qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certa… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Common_Consequences |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Description, Name, Type |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Common_Consequences |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Observed_Examples, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-05-03 | CWE Content Team | 2.11 | — | updated Potential_Mitigations |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Potential_Mitigations, Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Weakness_Ordinalities |