TV-2025-1003

Security Bulletins

速報 ID: TV-2025-1003
Issue Date: 2025/08/26
最終更新日: 2025/08/26
優先度: Moderate(中程度)
CVSS: 6.1 (Medium)
割り当て CVE: CVE-2025-44002
影響のある製品: TeamViewer Remote Full Client (Windows); TeamViewer Remote Host (Windows)

1. Summary

A vulnerability has been discovered in the TeamViewer Remote Clients for Windows, which can lead to a local denial-of-service condition.

2. Vulnerability Details

CVE-ID	CVE-2025-44002
Description	Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. To exploit this vulnerability, an attacker needs local access to the Windows system. We have no indication that this vulnerability has been or is being exploited in the wild. The vulnerability has been fixed with version 15.69 and additional versions listed below. We recommend updating to the latest available version.
CVSS3.1 Score	Base Score 6.1 (Medium)
CVSS3.1 Vector String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Problem type	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

3. Affected products and versions

Product	Versions	Info
TeamViewer Remote Full Client (Windows)	< 15.69	Download available
TeamViewer Remote Host (Windows)	< 15.69	Download available

4. Solutions and mitigations

Update to the latest version (15.69 or the latest version available)

5. Acknowledgments

Trend Micro Zero Day Initiative