CVE-2025-44002 (GCVE-0-2025-44002)

Vulnerability from cvelistv5 – Published: 2025-08-26 11:05 – Updated: 2025-08-26 14:39
VLAI?
Summary
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
TV
References
Impacted products
Vendor Product Version
TeamViewer Full Client Affected: 11.0.0 , < 15.69 (custom)
Create a notification for this product.
    TeamViewer Host Affected: 11.0.0 , < 15.69 (custom)
Create a notification for this product.
Credits
Trend Micro Zero Day Initiative
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-44002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T14:19:37.473698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T14:39:04.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Full Client",
          "vendor": "TeamViewer",
          "versions": [
            {
              "lessThan": "15.69",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Host",
          "vendor": "TeamViewer",
          "versions": [
            {
              "lessThan": "15.69",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRace Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior \u003cspan style=\"background-color: rgba(0, 107, 255, 0.2);\"\u003ev\u003c/span\u003eersion 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to \u003cspan style=\"background-color: rgba(0, 107, 255, 0.2);\"\u003ea \u003c/span\u003edenial-of-service condition, via symbolic link manipulation during directory verification.\u003c/span\u003e"
            }
          ],
          "value": "Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-27",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-27 Leveraging Race Conditions via Symbolic Links"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T11:05:22.270Z",
        "orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
        "shortName": "TV"
      },
      "references": [
        {
          "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to the latest version.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update to the latest version."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary File Creation via Symbolic Link leading to Denial-of-Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
    "assignerShortName": "TV",
    "cveId": "CVE-2025-44002",
    "datePublished": "2025-08-26T11:05:22.270Z",
    "dateReserved": "2025-04-30T08:08:15.979Z",
    "dateUpdated": "2025-08-26T14:39:04.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-44002\",\"sourceIdentifier\":\"psirt@teamviewer.com\",\"published\":\"2025-08-26T11:15:32.437\",\"lastModified\":\"2025-08-26T13:41:58.950\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification.\"},{\"lang\":\"es\",\"value\":\"La condici\u00f3n de ejecuci\u00f3n en la l\u00f3gica de validaci\u00f3n de directorio en el cliente completo y el host de TeamViewer en versiones anteriores a 15.69 en Windows permite que un usuario local no administrador cree archivos arbitrarios con privilegios de SYSTEM, lo que puede generar una condici\u00f3n de denegaci\u00f3n de servicio mediante la manipulaci\u00f3n de un enlace simb\u00f3lico durante la verificaci\u00f3n del directorio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@teamviewer.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"psirt@teamviewer.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"references\":[{\"url\":\"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/\",\"source\":\"psirt@teamviewer.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-44002\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-26T14:19:37.473698Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-26T14:37:23.610Z\"}}], \"cna\": {\"title\": \"Arbitrary File Creation via Symbolic Link leading to Denial-of-Service\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Trend Micro Zero Day Initiative\"}], \"impacts\": [{\"capecId\": \"CAPEC-27\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-27 Leveraging Race Conditions via Symbolic Links\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TeamViewer\", \"product\": \"Full Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0\", \"lessThan\": \"15.69\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TeamViewer\", \"product\": \"Host\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0\", \"lessThan\": \"15.69\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to the latest version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to the latest version.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eRace Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior \u003cspan style=\\\"background-color: rgba(0, 107, 255, 0.2);\\\"\u003ev\u003c/span\u003eersion 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to \u003cspan style=\\\"background-color: rgba(0, 107, 255, 0.2);\\\"\u003ea \u003c/span\u003edenial-of-service condition, via symbolic link manipulation during directory verification.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"shortName\": \"TV\", \"dateUpdated\": \"2025-08-26T11:05:22.270Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-44002\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T14:39:04.138Z\", \"dateReserved\": \"2025-04-30T08:08:15.979Z\", \"assignerOrgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"datePublished\": \"2025-08-26T11:05:22.270Z\", \"assignerShortName\": \"TV\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.