CVE-2025-1683 (GCVE-0-2025-1683)
Vulnerability from cvelistv5 – Published: 2025-03-12 15:25 – Updated: 2025-06-18 18:40
Title
Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion
Summary
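Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. The affected-version data in the record below is more granular than "prior to 25.3": within the range up to 24.5 it lists a status change to unaffected at MSP-Q23583 and MSP-Q23591, and within the range up to 25.1 at MSP-Q23589 and MSP-Q23591, so check installed versions against those entries as well as the 25.3 release.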
Severity ?
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Credits
Simeon Bunchev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:40:48.449073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:36:42.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Nomad",
"1EContentDistributionTools-NomadBranchTools"
],
"platforms": [
"Windows"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"changes": [
{
"at": "MSP-Q23583",
"status": "unaffected"
},
{
"at": "MSP-Q23591",
"status": "unaffected"
}
],
"lessThanOrEqual": "24.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSP-Q23589",
"status": "unaffected"
},
{
"at": "MSP-Q23591",
"status": "unaffected"
}
],
"lessThanOrEqual": "25.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simeon Bunchev"
}
],
"datePublic": "2025-03-12T14:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eImproper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links."
}
],
"impacts": [
{
"capecId": "CAPEC-27",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-27 Leveraging Race Conditions via Symbolic Links"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:40:59.816Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1683"
},
{
"url": "https://cwe.mitre.org/data/definitions/59.html"
},
{
"url": "https://capec.mitre.org/data/definitions/27.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Symbolic Link Exploit in 1E Client\u0027s - Nomad module allows Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2025-1683",
"datePublished": "2025-03-12T15:25:27.765Z",
"dateReserved": "2025-02-25T10:27:23.761Z",
"dateUpdated": "2025-06-18T18:40:59.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-1683\",\"sourceIdentifier\":\"security@1e.com\",\"published\":\"2025-03-12T16:15:20.660\",\"lastModified\":\"2025-05-15T15:16:08.307\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.\"},{\"lang\":\"es\",\"value\":\"La resoluci\u00f3n de enlace incorrecta antes del acceso a archivos en el m\u00f3dulo Nomad del Cliente 1E, en versiones anteriores a la 25.3, permite a un atacante con acceso local sin privilegios en un sistema Windows eliminar archivos arbitrarios en el dispositivo mediante la explotaci\u00f3n de enlaces simb\u00f3licos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@1e.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@1e.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"references\":[{\"url\":\"https://capec.mitre.org/data/definitions/27.html\",\"source\":\"security@1e.com\"},{\"url\":\"https://cwe.mitre.org/data/definitions/59.html\",\"source\":\"security@1e.com\"},{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2025-1683\",\"source\":\"security@1e.com\"},{\"url\":\"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/\",\"source\":\"security@1e.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1683\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-12T15:40:48.449073Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-12T15:36:38.721Z\"}}], \"cna\": {\"title\": \"Symbolic Link Exploit in 1E Client\u0027s - Nomad module allows Arbitrary File Deletion\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Simeon Bunchev\"}], \"impacts\": [{\"capecId\": \"CAPEC-27\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-27 Leveraging Race Conditions via Symbolic Links\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"1E\", \"modules\": [\"Nomad\", \"1EContentDistributionTools-NomadBranchTools\"], \"product\": \"1E Client\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"MSP-Q23583\", \"status\": \"unaffected\"}, {\"at\": \"MSP-Q23591\", \"status\": \"unaffected\"}], \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"24.5\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"MSP-Q23589\", \"status\": \"unaffected\"}, {\"at\": \"MSP-Q23591\", \"status\": \"unaffected\"}], \"version\": \"0\", 
\"versionType\": \"custom\", \"lessThanOrEqual\": \"25.1\"}, {\"status\": \"unaffected\", \"version\": \"25.3\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-03-12T14:32:00.000Z\", \"references\": [{\"url\": \"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/\"}, {\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2025-1683\"}, {\"url\": \"https://cwe.mitre.org/data/definitions/59.html\"}, {\"url\": \"https://capec.mitre.org/data/definitions/27.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cp\u003eImproper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.\u003c/p\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"4a68d2b9-b68a-4765-95bd-17f35092666b\", \"shortName\": \"1E\", \"dateUpdated\": \"2025-06-18T18:40:59.816Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-1683\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T18:40:59.816Z\", \"dateReserved\": \"2025-02-25T10:27:23.761Z\", \"assignerOrgId\": \"4a68d2b9-b68a-4765-95bd-17f35092666b\", \"datePublished\": \"2025-03-12T15:25:27.765Z\", \"assignerShortName\": \"1E\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.