CVE-2025-1683 – This vulnerability in the 1E Client's Nomad mod... (How to Fix)

Q: What is the severity of CVE-2025-1683?

CVE-2025-1683 has a CVSS score of 7.8 (HIGH). This vulnerability in the 1E Client's Nomad module allows attackers with local unprivileged access on Windows systems to delete arbitrary files by exploiting symbolic links. It affects 1E Client versions prior to 25.3. Attackers can leverage improper link resolution to bypass intended file access restrictions.

📋 TL;DR

This vulnerability in the 1E Client's Nomad module allows attackers with local unprivileged access on Windows systems to delete arbitrary files by exploiting symbolic links. It affects 1E Client versions prior to 25.3. Attackers can leverage improper link resolution to bypass intended file access restrictions.

💻 Affected Systems

Products:

1E Client

Versions: All versions prior to 25.3

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with 1E Client installed. Requires local unprivileged access to exploit.

📦 What is this software?

Platform by 1e

View all CVEs affecting Platform →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to data loss, system instability, or denial of service.

🟠

Likely Case

Data destruction, deletion of user files, or disruption of applications by deleting configuration files.

🟢

If Mitigated

Limited impact if proper access controls and monitoring are in place, though file deletion could still occur.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.

🏢 Internal Only: HIGH - Any compromised user account or malware with local execution can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to create symbolic links. Windows symbolic link creation typically requires specific privileges or configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.3 or later

Vendor Advisory: https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/

Restart Required: No

Instructions:

1. Download 1E Client version 25.3 or later from official sources. 2. Install the update following standard deployment procedures. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict symbolic link creation

Windows

Configure Windows security policy to restrict creation of symbolic links to privileged users only

Configure via Group Policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Create symbolic links

Monitor for symbolic link creation

Windows

Enable auditing for symbolic link creation events

auditpol /set /subcategory:"Other Object Access Events" /success:enable /failure:enable

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Deploy application control solutions to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check 1E Client version: Open 1E Client interface or check installed programs list for version number

Check Version:

wmic product where "name like '%1E Client%'" get version

Verify Fix Applied:

Confirm 1E Client version is 25.3 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unexpected file deletion events in Windows Security logs
Symbolic link creation by non-privileged users
1E Client Nomad module errors

Network Indicators:

No network indicators - local exploitation only

SIEM Query:

EventID=4663 AND ObjectName LIKE '%\1E\%' AND AccessMask=0x10000

📊 Metadata

CVE ID: CVE-2025-1683

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-59

EPSS Score: 0.05% exploit probability (15.1th percentile)

Published: March 12, 2025

Last Updated: January 30, 2026

🔗 References

https://capec.mitre.org/data/definitions/27.html Not Applicable
https://cwe.mitre.org/data/definitions/59.html Not Applicable
https://nvd.nist.gov/vuln/detail/CVE-2025-1683 Third Party Advisory,US Government Resource
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1683, you might also want to check these: