CVE-2025-12341
📋 TL;DR
This vulnerability in AntiDupl software allows local attackers to exploit link following (symlink attack) through the Delete Duplicate Image Handler function. Attackers could potentially delete or manipulate files they shouldn't have access to. Only users with local access to the system running vulnerable AntiDupl versions are affected.
💻 Affected Systems
- ermig1979 AntiDupl
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Privilege escalation leading to arbitrary file deletion or modification, potentially enabling system compromise or data destruction.
Likely Case
Local user could delete or manipulate files in directories accessible to the AntiDupl process, potentially affecting other users' data.
If Mitigated
Limited to file operations within the AntiDupl application's scope with proper user isolation and file permissions.
🎯 Exploit Status
Requires local access and knowledge of symlink attacks. No public exploit code found in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - vendor did not respond to disclosure
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider upgrading if vendor releases fix, or discontinue use of vulnerable versions.
🔧 Temporary Workarounds
Disable Delete Duplicate Image Handler
Windows: Avoid using the vulnerable Delete Duplicate Image Handler function in AntiDupl
Run with Limited Privileges
Windows: Run AntiDupl with minimal necessary file permissions to limit potential damage
🧯 If You Can't Patch
- Restrict local access to systems running AntiDupl
- Monitor file deletion activities and AntiDupl process behavior
🔍 How to Verify
Check if Vulnerable:
Check AntiDupl version in Help > About menu. If version is 2.3.12 or earlier, system is vulnerable.
Check Version:
Check AntiDupl GUI: Help > About, or examine file properties of AntiDupl.NET.WinForms.exe
Verify Fix Applied:
No fix available to verify. If vendor releases update, verify version is above 2.3.12.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion patterns by AntiDupl process
- Multiple file operations on symlinked paths
Network Indicators:
- None - local attack only
SIEM Query:
Process:AntiDupl.NET.WinForms.exe AND (FileDelete OR FileModify) on suspicious paths
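
For the "file operations on symlinked paths" indicator above, one defensive pre-check is to list the symlinks and junctions inside an image folder before the delete-duplicates function is used on it. This is an added example, not code from AntiDupl or from this advisory; the `$ScanRoot` parameter and the function name `Get-LinkUnderRoot` are assumptions made for illustration.

```powershell
# Added example (not AntiDupl code): audit a folder for symlinks and junctions
# before pointing AntiDupl's delete-duplicates function at it.
# $ScanRoot is an assumed parameter: the image folder you intend to scan.
param(
    [Parameter(Mandatory = $true)]
    [string]$ScanRoot
)

function Get-LinkUnderRoot {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Canonical root with trailing separator, so "C:\Pics" does not match "C:\Pics2".
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\') + '\'

    # -Attributes ReparsePoint selects link-like entries; -Force includes hidden ones.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LinkType -in 'SymbolicLink', 'Junction' } |
        ForEach-Object {
            # Target is string[] in Windows PowerShell 5.1 and string in PowerShell 7.
            $target = @($_.Target)[0]
            $resolved = $null
            $outside = $true   # treat an unreadable target as suspicious

            if ($target) {
                # Relative symlink targets are relative to the link's own directory.
                if (-not [System.IO.Path]::IsPathRooted($target)) {
                    $target = Join-Path (Split-Path -Parent $_.FullName) $target
                }
                $resolved = [System.IO.Path]::GetFullPath($target)
                $outside = -not ($resolved + '\').StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)
            }

            [pscustomobject]@{
                Link        = $_.FullName
                LinkType    = $_.LinkType
                Target      = $resolved
                OutsideRoot = $outside
            }
        }
}

# Only one hop is resolved; a target that is itself a link needs a second look.
$links = @(Get-LinkUnderRoot -Root $ScanRoot)
$links | Sort-Object OutsideRoot -Descending | Format-Table -AutoSize -Wrap
if ($links | Where-Object OutsideRoot) {
    Write-Warning "Links under '$ScanRoot' point outside it; review them before deleting duplicates."
}
```

This is a point-in-time check: a link created after it runs is not seen, so it complements running AntiDupl with limited privileges rather than replacing it.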