{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-44002", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2025-04-30T08:08:15.979Z", "datePublished": "2025-08-26T11:05:22.270Z", "dateUpdated": "2025-08-26T14:39:04.138Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Full Client", "vendor": "TeamViewer", "versions": [{"lessThan": "15.69", "status": "affected", "version": "11.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Host", "vendor": "TeamViewer", "versions": [{"lessThan": "15.69", "status": "affected", "version": "11.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior <span style=\"background-color: rgba(0, 107, 255, 0.2);\">v</span>ersion 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to <span style=\"background-color: rgba(0, 107, 255, 0.2);\">a </span>denial-of-service condition, via symbolic link manipulation during directory verification.</span>"}], "value": "Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification."}], "impacts": [{"capecId": "CAPEC-27", "descriptions": [{"lang": "en", "value": "CAPEC-27 Leveraging Race Conditions via Symbolic Links"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2025-08-26T11:05:22.270Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to the latest version.\n\n<br>"}], "value": "Update to the latest version."}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary File Creation via Symbolic Link leading to Denial-of-Service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-26T14:19:37.473698Z", "id": "CVE-2025-44002", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T14:39:04.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-44002", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-26T14:19:37.473698Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T14:37:23.610Z"}}], "cna": {"title": "Arbitrary File Creation via Symbolic Link leading to Denial-of-Service", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-27", "descriptions": [{"lang": "en", "value": "CAPEC-27 Leveraging Race Conditions via Symbolic Links"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TeamViewer", "product": "Full Client", "versions": [{"status": "affected", "version": "11.0.0", "lessThan": "15.69", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "product": "Host", "versions": [{"status": "affected", "version": "11.0.0", "lessThan": "15.69", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to the latest version.", "supportingMedia": [{"type": "text/html", "value": "Update to the latest version.\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior <span style=\"background-color: rgba(0, 107, 255, 0.2);\">v</span>ersion 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to <span style=\"background-color: rgba(0, 107, 255, 0.2);\">a </span>denial-of-service condition, via symbolic link manipulation during directory verification.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2025-08-26T11:05:22.270Z"}}}, "cveMetadata": {"cveId": "CVE-2025-44002", "state": "PUBLISHED", "dateUpdated": "2025-08-26T14:39:04.138Z", "dateReserved": "2025-04-30T08:08:15.979Z", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "datePublished": "2025-08-26T11:05:22.270Z", "assignerShortName": "TV"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification."}, {"lang": "es", "value": "La condici\u00f3n de ejecuci\u00f3n en la l\u00f3gica de validaci\u00f3n de directorio en el cliente completo y el host de TeamViewer en versiones anteriores a 15.69 en Windows permite que un usuario local no administrador cree archivos arbitrarios con privilegios de SYSTEM, lo que puede generar una condici\u00f3n de denegaci\u00f3n de servicio mediante la manipulaci\u00f3n de un enlace simb\u00f3lico durante la verificaci\u00f3n del directorio."}], "id": "CVE-2025-44002", "lastModified": "2025-08-26T13:41:58.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@teamviewer.com", "type": "Secondary"}]}, "published": "2025-08-26T11:15:32.437", "references": [{"source": "psirt@teamviewer.com", "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/"}], "sourceIdentifier": "psirt@teamviewer.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "psirt@teamviewer.com", "type": "Secondary"}]}

{}

{"created": "2025-08-27T11:21:37.723511+00:00", "updated": "2025-08-27T11:21:37.723566+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows", "teamviewer", "teamviewer$PRODUCT$full_client", "teamviewer$PRODUCT$host"]}