cvedb.io
CVE-2025-41421
MEDIUM · CVSS 4.7
EPSS exploitation probability: 0%
Published 2025-10-01T14:15:39.953 · Last modified 2026-06-17T09:22:50.700

Summary

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.