Security Bulletins

TV-2025-1002

Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management

Bulletin ID
TV-2025-1002
Issue Date
Jun 24, 2025
Last Update
Jun 24, 2025
Priority
Important
CVSS
7.0 (High)
Assigned CVE
CVE-2025-36537
Affected Products
TeamViewer Remote Management (Windows)

1. Summary

A vulnerability has been discovered in TeamViewer Remote Management for Windows, which allows an attacker with local unprivileged access to delete files using SYSTEM privileges. This may lead to a general escalation of privileges. 

2. Vulnerability Details

CVE-ID

CVE-2025-36537

Description

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 (and additional versions listed below) on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.

 

To exploit this vulnerability, an attacker needs local access to the Windows system. 

 

Devices running TeamViewer without the Remote Management features Backup, Monitoring, or Patch Management, are not affected. 

 

We have no indication that this vulnerability has been or is being exploited in the wild.  

 

The vulnerability has been fixed with version 15.67 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 7.0 (High)

CVSS3.1 Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem type

CWE-732: Incorrect Permission Assignment for Critical Resource

3. Affected products and versions

Product
Versions
Info

TeamViewer Remote Full Client (Windows)

< 15.67

Download available

TeamViewer Remote Full Client (Windows 7/8)

< 15.64.5

Download (64-bit)
Download (32-bit)

TeamViewer Remote Full Client (Windows)

< 14.7.48809

Download available

TeamViewer Remote Full Client (Windows)

< 13.2.36227

Download available

TeamViewer Remote Full Client (Windows)

< 12.0.259325

Download available

TeamViewer Remote Full Client (Windows)

< 11.0.259324

Download available

TeamViewer Remote Host (Windows)

< 15.67

Download available

TeamViewer Remote Host (Windows 7/8)

< 15.64.5

Download (64-bit)
Download (32-bit)

TeamViewer Remote Host (Windows)

< 14.7.48809

Download available

TeamViewer Remote Host (Windows)

< 13.2.36227

Download available

TeamViewer Remote Host (Windows)

< 12.0.259325

Download available

TeamViewer Remote Host (Windows)

< 11.0.259324

Download available

4. Solutions and mitigations

Update to the latest version (15.67 or the latest version available)

5. Acknowledgments

We thank Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiative, for the discovery and the responsible disclosure.