Symbolic link exploit in 1E client

CVE-ID

CVE-2025-1683

Description

A zero-day security vulnerability, “Improper Link Resolution Before File Access,” was identified in the Nomad module of the 1E Client versions prior to 25.3. This vulnerability allows an attacker with local, unprivileged access on a Windows system to delete arbitrary files by exploiting symbolic links.

 

–  1E Client v25.1 – hotfix Q23589 or later
–  1E Client v24.5 – hotfix Q23583 or later
–  1E Content Distribution Tools v25.1 – hotfix Q23591 or later

CVSS3.1 Score

Base Score 7.8 (High)

CVSS3.1 Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem type

CWE 59: Symbolic link exploit in 1E client – Nomad module allows arbitrary file deletion