Critical Flaw in TeamViewer Remote Management (CVE-2025-36537) Revealed

Security Alert: TeamViewer Vulnerability Notification

TeamViewer has published a security update for a vulnerability in the Remote Management features of its TeamViewer Remote client for Windows. The issue, tracked as CVE-2025-36537, allows a local, unprivileged user to escalate privileges and delete arbitrary files with SYSTEM rights.

The Nature of the Vulnerability

TeamViewer's security bulletin (ID TV-2025-1002) explains the root cause: permissions on a critical resource are assigned incorrectly, which is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). The weak permissions can be abused through the MSI rollback mechanism in both the TeamViewer Remote and Tensor clients, on all Windows versions.

Who Is Most At Risk?

The vulnerable code is in the Remote Management features of TeamViewer: Backup, Monitoring, and Patch Management. According to the bulletin, installations that do not use these features are not affected. Organizations that have enabled any of them should treat the update as urgent and understand what the flaw exposes.

Understanding the Exploit Mechanics

The attacker must already have local access to the target, meaning a local account or code execution as an unprivileged user. During an uninstallation that triggers an MSI rollback, which runs with SYSTEM privileges, the incorrectly assigned permissions let that unprivileged user cause arbitrary files to be deleted as SYSTEM. Arbitrary file deletion at that level is a privilege-escalation primitive and threatens the integrity of affected systems, which is a particular concern in enterprise environments.

The vulnerability is rated 7.0 (High) under CVSS 3.1, with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Reading the vector: the attack requires local access (AV:L) and low privileges (PR:L), needs no user interaction (UI:N), and has high attack complexity (AC:H). In CVSS terms AC:H means that success depends on conditions outside the attacker's control; it is not a restatement of the local-access requirement, which AV:L already captures. The impact on confidentiality, integrity, and availability is rated High, so the score stays in the High band despite the local vector and the complexity, and enterprises should address it promptly.

Which Versions Are Impacted?

The flaw is not limited to a single release; it affects multiple branches of the TeamViewer Remote Full Client and the Host client for Windows, including legacy builds. The following versions are known to be affected:

Product                                      Affected versions
TeamViewer Remote Full Client (Windows)      < 15.67
TeamViewer Remote Full Client (Windows 7/8)  < 15.64.5
TeamViewer Remote Full Client (Windows)      < 14.7.48809
TeamViewer Remote Full Client (Windows)      < 13.2.36227
TeamViewer Remote Full Client (Windows)      < 12.0.259325
TeamViewer Remote Host (Windows)             < 15.67

Version 15.67 contains the fix for the current branch (15.64.5 for the Windows 7/8 builds); the older 12.x to 14.x branches have their own fixed builds as listed above. Users should upgrade immediately. Installations that do not use Remote Management features are not affected by this flaw, but they should still stay on a supported, regularly updated version.
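The check a practitioner wants after reading the version table, written here as an added example that is not TeamViewer's own tooling: a PowerShell script that reads the installed TeamViewer clients from the standard Windows Uninstall registry keys, compares each version with the fixed build for its branch, and, as a generic CWE-732 hygiene check tied to the root cause described above, lists ACEs on the install directory that grant write or delete rights to low-privileged principals. The bulletin does not identify which resource carried the weak permissions, so the ACL check is a general audit of the install directory rather than a detector for this CVE. The script assumes TeamViewer registers with a DisplayName beginning "TeamViewer" and a dotted-numeric DisplayVersion; run it from an elevated prompt so the registry and ACLs are fully readable.

```powershell
# Added example (not TeamViewer's code): triage a Windows host for CVE-2025-36537.
# 1) Compare installed TeamViewer client versions with the fixed builds from TV-2025-1002.
# 2) Generic CWE-732 hygiene check: report ACEs on the install directory that let
#    low-privileged principals write or delete. The advisory does not name the resource
#    with the weak permissions, so this is a general audit, not a detector for the CVE.
# Assumption: TeamViewer registers under the standard Uninstall keys with a DisplayName
# beginning "TeamViewer" and a parseable DisplayVersion (e.g. "15.66.5").

$FixedVersions = @{
    15 = [version]'15.67'        # 15.64.5 on Windows 7/8 builds, see -LegacyWindows
    14 = [version]'14.7.48809'
    13 = [version]'13.2.36227'
    12 = [version]'12.0.259325'
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Principals an unprivileged local user normally belongs to.
$LowPrivPrincipals = @(
    'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
)
# Rights that allow creating, changing or deleting files in a directory.
$WriteLikeRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles'

function Get-TeamViewerPatchStatus {
    param([switch]$LegacyWindows)   # Windows 7/8 hosts: the fixed 15.x build is 15.64.5

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'TeamViewer*' -and $_.DisplayVersion } |
        ForEach-Object {
            $ver = $null
            if (-not [version]::TryParse($_.DisplayVersion, [ref]$ver)) {
                return   # skip entries whose version string is not dotted-numeric
            }
            $fixed = $FixedVersions[$ver.Major]
            if ($LegacyWindows -and $ver.Major -eq 15) { $fixed = [version]'15.64.5' }

            $status = if (-not $fixed)        { 'Unknown branch, compare against TV-2025-1002 by hand' }
                      elseif ($ver -lt $fixed) { "VULNERABLE, fixed in $fixed" }
                      else                     { 'Patched' }

            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Version     = $ver
                Status      = $status
                InstallPath = $_.InstallLocation
            }
        }
}

function Get-WeakInstallDirAces {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Inherited generic rights (GENERIC_ALL etc.) appear as raw numbers and are not
    # decoded by this filter; review any such ACE by hand.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $LowPrivPrincipals -contains $_.IdentityReference.Value -and
            (($_.FileSystemRights -band $WriteLikeRights) -ne 0)
        } |
        Select-Object @{ n = 'Path'; e = { $Path } }, IdentityReference, FileSystemRights, IsInherited
}

# Run both checks and print the results.
$installs = Get-TeamViewerPatchStatus
$installs | Format-Table -AutoSize
foreach ($i in ($installs | Where-Object InstallPath)) {
    Get-WeakInstallDirAces -Path $i.InstallPath | Format-Table -AutoSize
}
```

On Windows 7/8 hosts call Get-TeamViewerPatchStatus -LegacyWindows so that a 15.64.5 build is reported as patched rather than compared against 15.67. An install with no weak ACEs is not proof of being unaffected: the version comparison is the authoritative check, and the ACL listing only flags directory permissions that would be worth tightening regardless of this CVE.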

Discovery and Responsible Disclosure

The vulnerability was found by Giuliano Sanfins (alias 0x_alibabas) of SiDi, working with the Trend Micro Zero Day Initiative. As of the most recent reports, there is no indication that CVE-2025-36537 has been exploited in the wild.

System administrators should review their TeamViewer deployments, particularly where the Backup, Monitoring, or Patch Management modules are enabled, and confirm that every Full Client and Host installation is on a fixed build. Doing so removes the exposure from this vulnerability and keeps the deployment in line with internal patching standards.
