A essential safety vulnerability has been found in TeamViewer Distant Administration for Home windows, exposing programs to potential privilege escalation assaults.
The flaw, tracked as CVE-2025-36537, permits an area unprivileged attacker to delete arbitrary recordsdata with SYSTEM-level privileges, posing a major danger to organizations counting on TeamViewer’s Distant Administration options.
Vulnerability Overview
The vulnerability, assigned a CVSS rating of seven.0 (Excessive), stems from an incorrect permission task for essential assets within the TeamViewer Shopper (each Full and Host variations).
.png
)
Particularly, the problem is linked to how the MSI rollback mechanism handles file deletions throughout uninstall or rollback processes.
By exploiting this mechanism, a low-privileged consumer with native entry can delete recordsdata wherever on the system as SYSTEM, probably resulting in additional privilege escalation or system compromise.
| CVE ID | CVSS Rating | Affected Options |
| CVE-2025-36537 | 7.0 (Excessive) | Backup, Monitoring, Patch Mgmt |
Notably, this vulnerability solely impacts installations of TeamViewer Distant or Tensor for Home windows which have the Distant Administration options—Backup, Monitoring, or Patch Administration—enabled.
Programs working TeamViewer with out these modules are usually not impacted.
“The vulnerability solely applies to the Distant Administration options: Backup, Monitoring, and Patch Administration. Units working TeamViewer with out these options are usually not affected.”
Affected Variations
The next TeamViewer merchandise and variations are affected:
| Product | Affected Variations |
| TeamViewer Distant Full Shopper (Home windows) | |
| TeamViewer Distant Full Shopper (Win 7/8) | |
| TeamViewer Distant Full Shopper (Home windows) | |
| TeamViewer Distant Full Shopper (Home windows) | |
| TeamViewer Distant Full Shopper (Home windows) | |
| TeamViewer Distant Full Shopper (Home windows) | |
| TeamViewer Distant Host (Home windows) | |
| TeamViewer Distant Host (Win 7/8) | |
| TeamViewer Distant Host (Home windows) | |
| TeamViewer Distant Host (Home windows) | |
| TeamViewer Distant Host (Home windows) | |
| TeamViewer Distant Host (Home windows) |
To use this vulnerability, an attacker will need to have native entry to the focused Home windows system.
As soon as exploited, the attacker may delete essential system recordsdata or consumer knowledge, probably inflicting a denial of service or paving the best way for additional privilege escalation.
Nonetheless, there’s at present no proof that this vulnerability has been exploited within the wild.
TeamViewer has addressed the problem in model 15.67 and recommends all customers with Distant Administration options enabled replace to the most recent accessible model instantly.
Customers who don’t make the most of Backup, Monitoring, or Patch Administration are usually not affected however are nonetheless inspired to maintain their software program updated as a greatest observe.
The vulnerability was responsibly disclosed by Giuliano Sanfins (0x_alibabas) from SiDi, in collaboration with Pattern Micro Zero Day Initiative.
TeamViewer customers are urged to replace instantly to guard their programs from potential exploitation.
Discover this Information Attention-grabbing! Comply with us on Google Information, LinkedIn, and X to Get Immediate Updates
