CVE-2025-1683

Summary

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

Affected Software

VendorProductVersion RangeStatus
1E1E Client0 <= 24.5affected
1E1E Client0 <= 25.1affected
1E1E Client25.3unaffected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References