Cyber Posture

CVE-2025-1683

High

Published: 12 March 2025
Modified: 30 January 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1683 is a high-severity Link Following (CWE-59) vulnerability in 1E Platform. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485). The CVE ranks at the 40.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data Destruction (T1485). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires identification, reporting, and timely correction of the improper link resolution flaw in the Nomad module, as evidenced by the vendor patch in version 25.3.

prevent

Mandates validation of file path inputs to prevent exploitation of symbolic links through improper resolution before access in the Nomad module.

prevent

Enforces least privilege for the Nomad module process, limiting the scope of arbitrary file deletions achievable via local unprivileged symlink exploitation.

MITRE ATT&CK Enterprise Techniques (AI)

T1485 Data Destruction (Tactic: Impact)
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

Why these techniques?

The vulnerability enables local attackers to delete arbitrary files via symbolic link exploitation (CWE-59), directly facilitating data destruction by targeting sensitive data or system files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

Deeper analysis (AI)

CVE-2025-1683 involves improper link resolution before file access in the Nomad module of the 1E Client, affecting versions prior to 25.3 on Windows systems. Published on 2025-03-12, this vulnerability (CWE-59) enables exploitation of symbolic links and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from local attacks.

An attacker with local unprivileged access on the affected Windows device can exploit the flaw to delete arbitrary files. The low attack complexity and lack of required user interaction make it feasible for any local user account to target sensitive data or system files via crafted symbolic links during Nomad module operations.

The TeamViewer security bulletin (1e-2025-2001) and the NVD entry describe the mitigation: the issue is resolved in 1E Client version 25.3 and later. Security practitioners should consult https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ for patching instructions. CWE-59 and the related CAPEC-27 are documented at their respective MITRE links, and the NVD entry is at https://nvd.nist.gov/vuln/detail/CVE-2025-1683.

Details

CWE(s)

Affected Products

1e platform ≤ 25.3

CVEs Like This One

CVE-2026-35349 (Shared CWE-59)
CVE-2026-23563 (Shared CWE-59)
CVE-2025-15313 (Shared CWE-59)
CVE-2025-15314 (Shared CWE-59)
CVE-2025-66680 (Shared CWE-59)
CVE-2026-5161 (Shared CWE-59)
CVE-2026-40931 (Shared CWE-59)
CVE-2026-32054 (Shared CWE-59)
CVE-2026-31979 (Shared CWE-59)
CVE-2025-66277 (Shared CWE-59)
