CVE-2025-1683

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1683
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://capec.mitre.org/data/definitions/27.html Not Applicable
https://cwe.mitre.org/data/definitions/59.html Not Applicable
https://nvd.nist.gov/vuln/detail/CVE-2025-1683 Third Party Advisory US Government Resource
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:1e:platform:*:*:*:*:*:*:*:*
History

30 Jan 2026, 16:36

Type Values Removed Values Added
First Time 1e
1e platform
CPE cpe:2.3:a:1e:platform:*:*:*:*:*:*:*:*
References () https://capec.mitre.org/data/definitions/27.html - () https://capec.mitre.org/data/definitions/27.html - Not Applicable
References () https://cwe.mitre.org/data/definitions/59.html - () https://cwe.mitre.org/data/definitions/59.html - Not Applicable
References () https://nvd.nist.gov/vuln/detail/CVE-2025-1683 - () https://nvd.nist.gov/vuln/detail/CVE-2025-1683 - Third Party Advisory, US Government Resource
References () https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ - () https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ - Third Party Advisory

15 May 2025, 15:16

Type Values Removed Values Added
References
  • {'url': 'https://www.1e.com/trust-security-compliance/?ac=0-4', 'source': 'security@1e.com'}
  • {'url': 'https://www.1e.com/trust-security-compliance/cve-info/', 'source': 'security@1e.com'}
  • () https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ -
Summary
  • (es) La resolución de enlace incorrecta antes del acceso a archivos en el módulo Nomad del Cliente 1E, en versiones anteriores a la 25.3, permite a un atacante con acceso local sin privilegios en un sistema Windows eliminar archivos arbitrarios en el dispositivo mediante la explotación de enlaces simbólicos.

13 Mar 2025, 10:15

Type Values Removed Values Added
References
  • () https://www.1e.com/trust-security-compliance/?ac=0-4 -

12 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-12 16:15

Updated : 2026-01-30 16:36

NVD link : CVE-2025-1683

Mitre link : CVE-2025-1683

CVE.ORG link : CVE-2025-1683

JSON object : View

Products Affected

1e

  • platform
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')