Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.
Metrics
Affected Vendors & Products
Fixes
Solution
Update to the latest version.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 01 Oct 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information. | |
Title | Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: TV
Published:
Updated: 2025-10-01T13:59:17.408Z
Reserved: 2025-04-30T08:08:15.983Z
Link: CVE-2025-41421

Updated: 2025-10-01T13:59:15.170Z

Status : Received
Published: 2025-10-01T14:15:39.953
Modified: 2025-10-01T14:15:39.953
Link: CVE-2025-41421

No data.

No data.