CVE-2025-1683
Published: 12 March 2025
Description
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Security Summary
CVE-2025-1683 involves improper link resolution before file access in the Nomad module of the 1E Client, affecting versions prior to 25.3 on Windows systems. Published on 2025-03-12, this vulnerability (CWE-59) enables exploitation of symbolic links and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from local attacks.
An attacker with local unprivileged access on the affected Windows device can exploit the flaw to delete arbitrary files. The low attack complexity and lack of required user interaction make it feasible for any local user account to target sensitive data or system files via crafted symbolic links during Nomad module operations.
The TeamViewer security bulletin (1e-2025-2001) and the NVD entry describe mitigation; the issue is resolved in 1E Client version 25.3 and later. Security practitioners should consult https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ for patching instructions, along with the MITRE entries for CWE-59 and the related CAPEC-27, and the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-1683.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables local attackers to delete arbitrary files via symbolic link exploitation (CWE-59), directly facilitating data destruction by targeting sensitive data or system files.