A significant security vulnerability has been discovered in TeamViewer’s Remote Management software for Windows systems, enabling attackers with local access to exploit SYSTEM-level privileges for arbitrary file deletion.
The vulnerability , identified as CVE-2025-36537, carries a CVSS 3.1 base score of 7.0, categorizing it as a high-severity vulnerability that could lead to complete system compromise through privilege escalation attacks.
The vulnerability stems from incorrect permission assignments within TeamViewer’s critical resource handling, specifically affecting the Remote Management features including Backup, Monitoring, and Patch Management functionalities.
Security researchers have classified this as a CWE-732 vulnerability, highlighting fundamental vulnerability in how the software manages access controls for sensitive system operations.
The attack vector leverages TeamViewer’s MSI rollback mechanism, allowing local unprivileged users to trigger arbitrary file deletion operations with SYSTEM privileges.
This exploitation technique represents a sophisticated approach to privilege escalation, where attackers can manipulate the software’s installation and rollback processes to gain elevated permissions typically reserved for system administrators.
Importantly, the vulnerability requires local access to the target Windows system, meaning attackers must already have some level of system access to exploit this vulnerability.
However, once exploited, the vulnerability provides a pathway for complete system compromise, as SYSTEM privileges represent the highest level of access within Windows environments.
TeamViewer has confirmed that devices running their software without the Remote Management features are not affected by this vulnerability.
The vulnerability affects numerous versions of TeamViewer Remote Full Client and TeamViewer Remote Host across different Windows platforms.
Current systems running TeamViewer Remote versions prior to 15.67 are vulnerable, while legacy Windows 7 and 8 systems require updates to version 15.64.5 or higher.
The scope of affected versions is extensive, reaching back through multiple major releases including versions 14.7.48809, 13.2.36227, 12.0.259325, and 11.0.259324.
This broad version range indicates that organizations running older TeamViewer installations may have been vulnerable for extended periods, highlighting the importance of regular security updates for remote access software.
The wide range of affected versions suggests that many enterprise environments could be at risk, particularly those maintaining legacy systems or following conservative update policies.
Organizations utilizing TeamViewer’s Remote Management capabilities should prioritize immediate assessment of their current software versions.
TeamViewer has released patches addressing this vulnerability across all affected product lines, with version 15.67 serving as the primary remediation for most current systems.
The company has made updated versions available through their standard download channels, providing both 64-bit and 32-bit installers for legacy Windows platforms.
Security researchers from SiDi, working in collaboration with Trend Micro’s Zero Day Initiative, discovered and responsibly disclosed this vulnerability.
The research credit goes specifically to Giuliano Sanfins, demonstrating the value of coordinated vulnerability disclosure programs in maintaining software security.
Critically, TeamViewer reports no evidence of active exploitation in the wild, suggesting that organizations updating promptly can address this vulnerability before potential attackers develop widespread exploitation techniques.
However, given the high CVSS score and the potential for privilege escalation, immediate patching is recommended for all affected systems, particularly those in enterprise environments where Remote Management features are actively utilized.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…