CVE-2025-12341 is a vulnerability identified in the ermig1979 AntiDupl software, specifically affecting versions 2.3.0 through 2.3.12. The flaw resides in an unspecified function within the AntiDupl.NET.WinForms.exe binary, particularly in the Delete Duplicate Image Handler component. The vulnerability enables an attacker with local access and low privileges to perform link following, which can be interpreted as the software following symbolic links or similar references in a way that could be manipulated to access or modify unintended files or directories. This behavior may allow unauthorized disclosure or modification of data, or disruption of normal application operation, impacting confidentiality, integrity, and availability. The CVSS 4.0 base score is 8.5, indicating a high severity, with attack vector limited to local (AV:L), low attack complexity (AC:L), no attack prerequisites (AT:N), requiring low privileges (PR:L), and no user interaction (UI:N). The vulnerability has high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). The vendor was contacted but did not respond, and no patches or known exploits are currently available. The lack of vendor response and patch availability increases the risk for organizations relying on this software. Since exploitation requires local access, the threat is primarily from malicious insiders or compromised local accounts. The vulnerability could be leveraged to escalate privileges or access sensitive files indirectly through the link-following behavior. Organizations using AntiDupl for image deduplication should be aware of this risk, especially in environments where local user access is not tightly controlled.

For European organizations, the impact of CVE-2025-12341 could be significant in environments where AntiDupl is used to manage large image repositories, such as media companies, digital archives, or research institutions. The vulnerability allows local attackers with limited privileges to potentially access or modify files beyond their intended scope, risking data confidentiality and integrity. This could lead to unauthorized disclosure of sensitive images or data, tampering with stored files, or disruption of deduplication processes, affecting availability. In regulated sectors like finance, healthcare, or government, such breaches could result in compliance violations and reputational damage. The requirement for local access limits remote exploitation but does not eliminate risk, especially in multi-user systems or where endpoint security is weak. The absence of vendor patches means organizations must rely on compensating controls, increasing operational overhead. Additionally, if attackers gain initial local foothold via other means, this vulnerability could facilitate lateral movement or privilege escalation within networks.

To mitigate CVE-2025-12341, European organizations should first restrict local access to systems running AntiDupl to trusted users only and enforce the principle of least privilege to minimize the risk from low-privilege accounts. Implement strict access controls on directories and files used by AntiDupl to prevent unauthorized symbolic link creation or manipulation. Employ application whitelisting and endpoint detection to monitor and block suspicious behaviors related to AntiDupl.NET.WinForms.exe. Regularly audit local user accounts and remove unnecessary privileges or dormant accounts. Since no official patch is available, consider isolating systems running vulnerable versions or using alternative deduplication tools with better security posture. Deploy host-based intrusion detection systems (HIDS) to detect anomalous file system activities indicative of link-following exploitation. Maintain comprehensive logging and monitor for unusual access patterns. Finally, prepare incident response plans that include this vulnerability scenario and educate local users about the risks of executing untrusted files or scripts that could exploit local vulnerabilities.