CVE-2025-44002

{"id": "CVE-2025-44002", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2025-08-26T11:15:32.437", "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1003/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification."}, {"lang": "es", "value": "La condici\u00f3n de ejecuci\u00f3n en la l\u00f3gica de validaci\u00f3n de directorio en el cliente completo y el host de TeamViewer en versiones anteriores a 15.69 en Windows permite que un usuario local no administrador cree archivos arbitrarios con privilegios de SYSTEM, lo que puede generar una condici\u00f3n de denegaci\u00f3n de servicio mediante la manipulaci\u00f3n de un enlace simb\u00f3lico durante la verificaci\u00f3n del directorio."}], "lastModified": "2025-08-26T13:41:58.950", "sourceIdentifier": "[email protected]"}