Security Bulletins

TV-2025-1004

Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client

Bulletin ID
TV-2025-1004
Issue Date
Sep 30, 2025
Last Update
Oct 1, 2025
Priority
Moderate
CVSS
4.7 (Medium)
Assigned CVE
CVE-2025-41421
Affected Products
TeamViewer Remote
TeamViewer Tensor

1. Summary

A vulnerability has been discovered in the TeamViewer Full Client and Host for Windows which allows local privilege escalation on a Windows system.

2. Vulnerability Details

CVE-ID

CVE-2025-41421

Description

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

 

The vulnerability has been fixed with version 15.70. We recommend updating to the latest available version.

 

The presence of adequate malware protection (e.g., Microsoft Defender in standard settings) should prevent exploitation.

 

At this time, there is no indication that this vulnerability has been exploited in the wild.

CVSS3.1 Score

Base Score 4.7 (Medium)

CVSS3.1 Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem type

CWE-59: Improper Link Resolution Before File Access ('Link Following')

3. Affected products and versions

Product
Versions
Info

TeamViewer Remote Full Client (Windows)

< 15.70

Download available

TeamViewer Remote Host (Windows)

< 15.70

Download available

4. Solutions and mitigations

Update to the latest version (15.70 or the latest version available)

5. Acknowledgments

@TwoSevenOneT (X) with ZeroSalarium.com