TV-2025-1002

Bulletin ID: TV-2025-1002
Issue Date: 2025年6月24日
Last Update: 2025年6月24日
Priority: Important
CVSS: 7.0 (High)
Assigned CVE: CVE-2025-36537
Affected Products: TeamViewer Remote Management (Windows)

1. Summary

A vulnerability has been discovered in TeamViewer Remote Management for Windows, which allows an attacker with local unprivileged access to delete files using SYSTEM privileges. This may lead to a general escalation of privileges.

2. Vulnerability Details

CVE-ID	CVE-2025-36537
Description	Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 (and additional versions listed below) on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management. To exploit this vulnerability, an attacker needs local access to the Windows system. Devices running TeamViewer without the Remote Management features Backup, Monitoring, or Patch Management, are not affected. We have no indication that this vulnerability has been or is being exploited in the wild. The vulnerability has been fixed with version 15.67 and additional versions listed below. We recommend updating to the latest available version.
CVSS3.1 Score	Base Score 7.0 (High)
CVSS3.1 Vector String	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem type	CWE-732: Incorrect Permission Assignment for Critical Resource

3. Affected products and versions

Product	Versions	Info
TeamViewer Remote Full Client (Windows)	< 15.67	Download available
TeamViewer Remote Full Client (Windows 7/8)	< 15.64.5	Download (64-bit) Download (32-bit)
TeamViewer Remote Full Client (Windows)	< 14.7.48809	Download available
TeamViewer Remote Full Client (Windows)	< 13.2.36227	Download available
TeamViewer Remote Full Client (Windows)	< 12.0.259325	Download available
TeamViewer Remote Full Client (Windows)	< 11.0.259324	Download available
TeamViewer Remote Host (Windows)	< 15.67	Download available
TeamViewer Remote Host (Windows 7/8)	< 15.64.5	Download (64-bit) Download (32-bit)
TeamViewer Remote Host (Windows)	< 14.7.48809	Download available
TeamViewer Remote Host (Windows)	< 13.2.36227	Download available
TeamViewer Remote Host (Windows)	< 12.0.259325	Download available
TeamViewer Remote Host (Windows)	< 11.0.259324	Download available

4. Solutions and mitigations

Update to the latest version (15.67 or the latest version available)

5. Acknowledgments

We thank Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiative, for the discovery and the responsible disclosure.

Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management

1. Summary

2. Vulnerability Details

3. Affected products and versions

4. Solutions and mitigations

5. Acknowledgments

請選擇您所在的地區

建議區域

Americas

Asia Pacific

Commonwealth of Independent States

Europe

Middle East Africa