Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.
Fixes

Solution

Update to the latest version.


Workaround

No workaround given by the vendor.

History

Wed, 01 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Oct 2025 14:00:00 +0000

Type Values Removed Values Added
Description Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.
Title Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: TV

Published:

Updated: 2025-10-01T13:59:17.408Z

Reserved: 2025-04-30T08:08:15.983Z

Link: CVE-2025-41421

cve-icon Vulnrichment

Updated: 2025-10-01T13:59:15.170Z

cve-icon NVD

Status : Received

Published: 2025-10-01T14:15:39.953

Modified: 2025-10-01T14:15:39.953

Link: CVE-2025-41421

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.