1E · 1E Client · CVE-2025-1683
Name of the Vulnerable Software and Affected Versions:
1E Client versions prior to 25.3
Description:
The issue is related to improper link resolution before file access in the Nomad module, allowing an attacker with local unprivileged access on a Windows system to delete arbitrary files by exploiting symbolic links.
Recommendations:
For versions prior to 25.3, update to version 25.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Nomad module to minimize the risk of exploitation.