CVE-2025-1683

HIGH

1E Platform < 25.3 - Symlink Following

Title source: rule

Description

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

References (4)

[Not Applicable] https://capec.mitre.org/data/definitions/27.html

[Not Applicable] https://cwe.mitre.org/data/definitions/59.html

[Third Party Advisory, US Government Resource] https://nvd.nist.gov/vuln/detail/CVE-2025-1683

[Third Party Advisory] https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Products (1)

1e/platform < 25.3

Published Mar 12, 2025

Tracked Since Feb 18, 2026