CVE-2025-44002
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-08-26
Assigner: TeamViewer Germany GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teamviewer | remote_host | * |
| teamviewer | remote_full_client | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition (time-of-check time-of-use) in the directory validation logic of TeamViewer Full Client and Host for Windows versions prior to 15.69. It allows a local non-administrative user to manipulate symbolic links during directory verification to create arbitrary files with SYSTEM privileges. This means an attacker with local access can escalate privileges and potentially cause a denial-of-service condition. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow a local non-admin user to create files with SYSTEM-level privileges, which can lead to unauthorized modification of system files or denial-of-service conditions. This could disrupt system availability and integrity, potentially affecting the normal operation of the affected Windows system running TeamViewer versions prior to 15.69. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires local access and involves symbolic link manipulation during directory verification in TeamViewer versions prior to 15.69 on Windows. Detection would involve checking the installed TeamViewer version to see if it is older than 15.69. You can check the installed version by running commands such as 'wmic product where "name like 'TeamViewer%'" get version' or checking the TeamViewer application properties. Additionally, monitoring for unusual symbolic link creations or file manipulations by non-admin users might help, but no specific detection commands are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update TeamViewer on Windows systems to version 15.69 or later, where this vulnerability is resolved. Restrict local user permissions to prevent non-administrative users from manipulating symbolic links if updating is not immediately possible. [1]