CWE-69
Improper Handling of Windows ::DATA Alternate Data Stream
Extended description
An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.
Common consequences1
- Access ControlNon-RepudiationOtherBypass Protection MechanismHide ActivitiesOther
Potential mitigations1
- Implementation
Ensure that the source code correctly parses the filename to read or write to the correct stream.
Relationships1
- ChildOfCWE-66
CVEs referencing this CWE2
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2024-43033 | JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358. | HIGH8.8 | 0.98%p58 | 2025-06-03 | |
| CVE-2025-3941 | Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | CRITICAL9.8 | 0.47%p37 | 2025-06-04 |