This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.