CVE-2025-41421

Medium CVSS: 4.7

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

Vendor

Product

CWE

CWE-59

Yayın Tarihi

2025-10-01 14:15:39

Güncelleme

2025-10-02 19:11:46

Source Identifier

psirt@teamviewer.com

KEV Date Added

Kategoriler

CWE-59 MEDIUM 2025

Referanslar

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1004/