TV-2025-1002

Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management

Bulletin ID
TV-2025-1002
Issue Date
June 24, 2025
Last updated
June 24, 2025
Priority
CVSS
7.0 (High)
CVE ID
CVE-2025-36537
Affected products
TeamViewer Remote Management (Windows)

1. Summary

A vulnerability has been discovered in TeamViewer Remote Management for Windows, which allows an attacker with local unprivileged access to delete files using SYSTEM privileges. This may lead to a general escalation of privileges. 

2. Vulnerability Details

CVE-ID

Description

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to version 15.67 (and additional versions listed below) on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges by leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.

To exploit this vulnerability, an attacker needs local access to the Windows system.

Devices running TeamViewer without the Remote Management features Backup, Monitoring, or Patch Management are not affected.

We have no indication that this vulnerability has been or is being exploited in the wild.

The vulnerability has been fixed with version 15.67 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 7.0 (High)

CVSS3.1 Vector String

Problem type

3. Affected products and versions

| Product | Versions | Info |
| --- | --- | --- |
| TeamViewer Remote Full Client (Windows) | < 15.67 | |
| TeamViewer Remote Full Client (Windows 7/8) | < 15.64.5 | |
| TeamViewer Remote Full Client (Windows) | < 14.7.48809 | |
| TeamViewer Remote Full Client (Windows) | < 13.2.36227 | |
| TeamViewer Remote Full Client (Windows) | < 12.0.259325 | |
| TeamViewer Remote Full Client (Windows) | < 11.0.259324 | |
| TeamViewer Remote Host (Windows) | < 15.67 | |
| TeamViewer Remote Host (Windows 7/8) | < 15.64.5 | |
| TeamViewer Remote Host (Windows) | < 14.7.48809 | |
| TeamViewer Remote Host (Windows) | < 13.2.36227 | |
| TeamViewer Remote Host (Windows) | < 12.0.259325 | |
| TeamViewer Remote Host (Windows) | < 11.0.259324 | |

4. Solutions and mitigations

Update to the latest version (15.67 or the latest version available)
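
One way to triage a software inventory against the version table in section 3, as an added example (not TeamViewer's code). The CSV columns, host names and helper names are assumptions, and the sample rows are constructed. It also assumes that 15.x on Windows 7/8 (8.1 included) is compared against the 15.64.5 row and that other branches use the general Windows rows.

```python
import csv
import io

# Fixed versions per major branch, copied from the advisory's version table.
FIXED = {15: (15, 67), 14: (14, 7, 48809), 13: (13, 2, 36227),
         12: (12, 0, 259325), 11: (11, 0, 259324)}
FIXED_15_WIN7_8 = (15, 64, 5)  # the table's "Windows 7/8" rows
RM_FEATURES = {"backup", "monitoring", "patch management"}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,os,version,features
ws-01,Windows 11,15.66.5,Monitoring;Patch Management
ws-02,Windows 11,15.67.3,Backup
ws-03,Windows 7,15.64.5,Monitoring
ws-04,Windows 10,14.7.48796,Backup
ws-05,Windows 10,15.60.3,
ws-06,Windows 10,10.0.47484,Monitoring
"""

def _pad(v, n):
    # Pad with zeros so "15.67" compares as 15.67.0 against 15.66.5.
    return v + (0,) * (n - len(v))

def triage(version, os_name, features):
    """Return 'not-affected', 'affected', 'fixed' or 'unlisted'."""
    # Per the advisory, only hosts with a Remote Management feature are affected.
    if not RM_FEATURES & {f.strip().lower() for f in features}:
        return "not-affected"
    v = tuple(int(p) for p in version.strip().split("."))
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "unlisted"  # branch is not in the advisory table; do not guess
    # Assumption: 15.x on Windows 7/8 (8.1 included) uses the 15.64.5 row.
    if v[0] == 15 and os_name.strip().lower().startswith(("windows 7", "windows 8")):
        fixed = FIXED_15_WIN7_8
    n = max(len(v), len(fixed))
    return "affected" if _pad(v, n) < _pad(fixed, n) else "fixed"

def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["version"], r["os"], r["features"].split(";"))
            for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` run a branch the advisory does not name and need a manual check.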

5. Acknowledgments

We thank Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiative, for the discovery and the responsible disclosure.