Home

Description

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

PUBLISHED Reserved 2025-04-30 | Published 2025-10-01 | Updated 2025-10-01 | Assigner TV




MEDIUM: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
unaffected

11.0.0 before 15.70
affected

Default status
unaffected

11.0.0 before 15.70
affected

Credits

@TwoSevenOneT (X) with ZeroSalarium.com finder

References

www.teamviewer.com/...enter/security-bulletins/tv-2025-1004/

cve.org (CVE-2025-41421)

nvd.nist.gov (CVE-2025-41421)

Download JSON