1E-2025-2001

Bulletin ID: 1E-2025-2001
Issue Date: 12 мар. 2025 г.
Last Update: 13 мар. 2025 г.
Priority: Important
CVSS: 7.8 (High)
Assigned CVE: CVE-2025-1683
Affected Products: 1E Client – Nomad Module; 1E Content Distribution Tools v25.1

CVE-ID	CVE-2025-1683
Description	A zero-day security vulnerability, “Improper Link Resolution Before File Access,” was identified in the Nomad module of the 1E Client versions prior to 25.3. This vulnerability allows an attacker with local, unprivileged access on a Windows system to delete arbitrary files by exploiting symbolic links. – 1E Client v25.1 – hotfix Q23589 or later – 1E Client v24.5 – hotfix Q23583 or later – 1E Content Distribution Tools v25.1 – hotfix Q23591 or later
CVSS3.1 Score	Base Score 7.8 (High)
CVSS3.1 Vector String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem type	CWE 59: Symbolic link exploit in 1E client – Nomad module allows arbitrary file deletion

Product	Versions
1E Client – Nomad Module	Prior 25.3
1E Content Distribution Tools v25.1	Prior 25.3

Symbolic link exploit in 1E client