CVE-2025-44002

Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/

Configurations

No configuration.

History

26 Aug 2025, 13:41

Type	Values Removed	Values Added
Summary		(es) La condición de ejecución en la lógica de validación de directorio en el cliente completo y el host de TeamViewer en versiones anteriores a 15.69 en Windows permite que un usuario local no administrador cree archivos arbitrarios con privilegios de SYSTEM, lo que puede generar una condición de denegación de servicio mediante la manipulación de un enlace simbólico durante la verificación del directorio.

26 Aug 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-26 11:15

Updated : 2025-08-26 13:41

NVD link : CVE-2025-44002

Mitre link : CVE-2025-44002

CVE.ORG link : CVE-2025-44002

JSON object : View

Products Affected

No product.

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

6.1 /10