CVE-2025-41421 MEDIUM

CVE-2025-41421: Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client

Vendor Teamviewer
Product Full Client
Weakness CWE-59
Published October 1, 2025
Last update October 1, 2025

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

Key dates

02Disclosure timeline

October 1, 2025 CVE published
October 1, 2025 Record updated