A significant security vulnerability has been identified in TeamViewer’s Remote Management solution for Windows, potentially allowing attackers with local access to delete arbitrary files with SYSTEM privileges. This flaw, designated as CVE-2025-36537, was disclosed on June 24, 2025, and carries a CVSS score of 7.0, indicating a high severity level. TeamViewer has promptly released patches and strongly advises users to update to the latest versions to mitigate this risk.
Understanding the Vulnerability
The vulnerability stems from incorrect permission assignments within the TeamViewer_service.exe component, specifically affecting the Remote Management features such as Backup, Monitoring, and Patch Management. Standard installations of TeamViewer without these components are not impacted. The flaw allows local unprivileged users to exploit the MSI rollback mechanism to delete arbitrary files with elevated SYSTEM privileges. This could lead to privilege escalation, enabling attackers to compromise critical system files and potentially gain full control over the affected system.
Technical Details
CVE-2025-36537 is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H indicates that the vulnerability requires local access and has a high impact on confidentiality, integrity, and availability. Notably, the exploit does not require user interaction, making it particularly concerning in environments where attackers have already established a foothold.
Affected Versions
The vulnerability affects the following versions of TeamViewer’s Remote Management software:
– TeamViewer Remote Full Client (Windows) versions prior to 15.67
– TeamViewer Remote Full Client (Windows 7/8) versions prior to 15.64.5
– TeamViewer Remote Host (Windows) versions prior to 15.67
– TeamViewer Remote Host (Windows 7/8) versions prior to 15.64.5
– Legacy versions back to 11.0.259324
Mitigation Steps
To protect against potential exploitation, users are urged to:
1. Update Software: Immediately upgrade to TeamViewer version 15.67 or later. For Windows 7/8 systems, update to version 15.64.5 or later.
2. Restrict Local Access: Limit physical and remote access to systems running TeamViewer, especially those with Remote Management features enabled.
3. Monitor Systems: Regularly review system logs for unusual activity and conduct periodic security audits to identify and address potential vulnerabilities.
Conclusion
While there is currently no evidence of this vulnerability being exploited in the wild, the disclosure of CVE-2025-36537 underscores the importance of maintaining up-to-date software and implementing robust security measures. Organizations and individual users should act swiftly to update their TeamViewer installations and adopt proactive monitoring practices to safeguard their systems against potential threats.
