CVE-2025-41421
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: TeamViewer Germany GmbH
Description
Description
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows β in versions prior to 15.70 of TeamViewer Remote and Tensor β allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teamviewer | teamviewer_host | * |
| teamviewer | tensor | * |
| teamviewer | teamviewer_full_client | * |
| teamviewer | teamviewer_remote | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper handling of symbolic links in TeamViewer Full Client and Host for Windows versions prior to 15.70. An attacker with local, unprivileged access on a device without adequate malware protection can exploit this by spoofing the update file path, leading to privilege escalation.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to escalate their privileges on the affected system, potentially resulting in unauthorized access to sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70