CVE-2025-1683

Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion

CVSS 7.8 HIGHEPSS 0.2%CWE-59

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

1E · 1E Client

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://capec.mitre.org/data/definitions/27.html https://cwe.mitre.org/data/definitions/59.html https://nvd.nist.gov/vuln/detail/CVE-2025-1683 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/