Skip to main content

AntiDupl CVE-2025-12341

HIGH
Improper Link Resolution Before File Access (CWE-59)
2025-10-28 cna@vuldb.com
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:16 vuln.today

DescriptionCVE.org

A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Link following vulnerability in AntiDupl.NET.WinForms.exe (versions through 2.3.12) allows local authenticated users to manipulate file operations during duplicate image deletion, potentially achieving unauthorized file access or modification with elevated integrity. Proof-of-concept exploit code exists (CVSS E:P). The vendor (ermig1979) was notified but has not responded, leaving users without an official patch.

Technical ContextAI

This is a CWE-59 link following vulnerability, also known as symlink attack or TOCTOU (Time-of-Check-Time-of-Use) race condition. AntiDupl is a duplicate image detection tool for Windows that uses .NET WinForms framework. The vulnerable component is AntiDupl.NET.WinForms.exe's Delete Duplicate Image Handler. When this handler processes file deletions, it fails to properly validate symbolic links or junctions before operating on files. An attacker can create a symbolic link pointing to a sensitive file in a location where AntiDupl will attempt to delete duplicates. Because the application runs with the user's privileges and doesn't verify the true target of filesystem links, it can be manipulated to delete, overwrite, or expose files the attacker couldn't normally access. The CVSS 4.0 vector shows high confidentiality, integrity, and availability impact (VC:H/VI:H/VA:H) limited to the vulnerable component only (SC:N/SI:N/SA:N), indicating no scope change beyond the application's security context.

Affected ProductsAI

AntiDupl (ermig1979) versions up to and including 2.3.12 are confirmed vulnerable. The specific affected component is AntiDupl.NET.WinForms.exe, the Windows Forms-based graphical interface for the duplicate image detection tool. All Windows platforms running these versions are affected. No CPE identifier is available in NVD data. The vendor GitHub repository is github.com/ermig1979/AntiDupl, last release v2.3.12 from 2020. No vendor security advisory has been published despite early notification per VulDB disclosure timeline.

RemediationAI

No official vendor patch is available as ermig1979 has not responded to vulnerability disclosure. Users must implement compensating controls: (1) Restrict AntiDupl usage to single-user systems or trusted user contexts only - do not use on multi-user systems where local privilege escalation is a concern, (2) Run AntiDupl.NET.WinForms.exe with minimum necessary privileges using Windows runas or User Account Control to limit potential damage scope, (3) Manually review deletion targets before executing bulk delete operations and avoid running the deletion function on directories where users can create symbolic links (system directories, shared folders), (4) Monitor filesystem for unexpected symbolic links in directories processed by AntiDupl using tools like Sysinternals fsutil or third-party link detection utilities, (5) Consider migrating to alternative duplicate image detection tools with active maintenance and security response programs. VulDB advisory available at https://vuldb.com/?id.330127 and POC documentation at https://drive.google.com/file/d/19jwaqUji6O3U6EAeUMixBM58QTc4qNMQ/view?usp=sharing. Side effects: restricting privileges may prevent AntiDupl from accessing all intended image directories; manual review significantly slows bulk operations; migration requires workflow changes and new tool evaluation.

Share

CVE-2025-12341 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy