TeamViewer has released a security update to address a vulnerability in TeamViewer Remote Management for Windows. The flaw, identified as CVE-2025-36537, allows a local
user without administrative privileges to escalate their access and delete files with SYSTEM-level permissions. According to a security bulletin (ID: TV-2025-1002) shared on Tuesday, the issue is caused by incorrect permission settings for critical resources. The vulnerability, classified under CWE-732, takes advantage of the MSI rollback process in both the Full and Host versions of TeamViewer Remote and Tensor clients for Windows.
Affected Users and Exploitation Details
This vulnerability specifically impacts Remote Management features such as Backup, Monitoring, and Patch Management. Users who are not using these features are not affected. The exploit requires local access, meaning the attacker must already be present on the target system. By misusing permission flaws during the uninstallation process through MSI rollback, an attacker can delete any file on the system with SYSTEM-level privileges. This could potentially compromise the security and stability of the system.
Severity and Risk Level
The flaw has been rated 7.0 (High) on the CVSS scale. The attack vector is defined as CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Although exploiting the vulnerability is complex and requires physical or remote access to the system, the consequences of successful exploitation are significant, especially in enterprise environments.
Versions Affected and Required Actions
Multiple versions of the TeamViewer Remote Full and Host clients for Windows, including older builds, are impacted. TeamViewer has addressed the issue in version 15.67, and users are strongly encouraged to update as soon as possible. Systems not using the Remote Management modules are not at immediate risk, though regular updates remain best practice.
Disclosure and Reporting
The vulnerability was discovered by Giuliano Sanfins, also known as 0x_alibabas, from SiDi in collaboration with the Trend Micro Zero Day Initiative. As of now, there is no evidence that CVE-2025-36537 has been actively exploited.
System administrators should review their use of TeamViewer Remote Management, particularly where features like Backup or Patch Management are active. Installing the latest updates will resolve this vulnerability and help ensure compliance with organizational cybersecurity standards.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
