TeamViewer for Windows Vulnerability Let Attackers Delete Files Using SYSTEM Privileges
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
A significant security vulnerability in the TeamViewer Remote Management solution for Windows could allow attackers with local access to delete arbitrary files with SYSTEM privileges, potentially leading to privilege escalation.
The vulnerability, identified as CVE-2025-36537, was announced on June 24, 2025, and carries a CVSS score of 7.0 (High).
TeamViewer has released patches and strongly recommends users update to the latest versions immediately to mitigate this risk.
Summary
1. TeamViewer Windows vulnerability (CVE-2025-36537) allows file deletion with SYSTEM privileges.
2. Only affects Remote Management features (Backup, Monitoring, Patch Management), not standard installations.
3. Attackers need existing local access to the Windows system to exploit this flaw.
4. Organizations should update to TeamViewer version 15.67 or later immediately; there is no known active exploitation.
TeamViewer Privilege Escalation Flaw
The security flaw, classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), affects TeamViewer Client installations on Windows systems.
Specifically, the vulnerability exists in both Full and Host clients of TeamViewer Remote and Tensor prior to version 15.67.
According to the security bulletin TV-2025-1002, the vulnerability allows local unprivileged users to trigger arbitrary file deletion with elevated SYSTEM privileges by exploiting the MSI rollback mechanism.
The CVSS vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H indicates a high-severity vulnerability requiring local access with high potential impact on confidentiality, integrity, and availability.
The vulnerability is particularly concerning as it doesn’t require user interaction to exploit, allowing attackers to potentially compromise system files once they’ve gained initial access to a machine.
The exploitation specifically targets TeamViewer’s Remote Management features: Backup, Monitoring, and Patch Management.
Systems running TeamViewer without these components are not affected by this vulnerability.
The attack requires local access to the Windows system, limiting remote exploitation scenarios but still presenting a serious risk in multi-user environments or situations where an attacker has already established an initial foothold.
The bulletin states that there is currently no indication that this vulnerability has been exploited in the wild. However, now that the details are public, organizations should act quickly to update their installations.
The vulnerability could potentially be leveraged in a privilege escalation chain, allowing attackers to move from limited user access to full system control by deleting critical security components.
Risk Factors and Details
- Affected Products: TeamViewer Remote Full Client (Windows) < 15.67; TeamViewer Remote Full Client (Windows 7/8) < 15.64.5; TeamViewer Remote Host (Windows) < 15.67; TeamViewer Remote Host (Windows 7/8) < 15.64.5; Legacy versions back to 11.0.259324
- Impact: Arbitrary file deletion with SYSTEM privileges
- Exploit Prerequisites: Local unprivileged user access to Windows system; TeamViewer Remote Management features enabled
- CVSS 3.1 Score: 7.0 (High)
Affected Versions
The vulnerability impacts multiple versions of TeamViewer’s Remote Management software, including TeamViewer Remote Full Client and TeamViewer Remote Host for Windows across versions 11.0, 12.0, 13.2, 14.7, and 15.x prior to 15.67. For Windows 7/8 systems, versions prior to 15.64.5 are vulnerable.
TeamViewer has issued patches for all affected versions. The primary mitigation strategy is to update to version 15.67 or the latest available version for your installation track.
Organizations should prioritize this update, especially for systems that use TeamViewer with Remote Management features enabled.
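To prioritize that update, the following Python triages a software inventory export against the affected-version data above. It is an added example, not code from TeamViewer or the bulletin; the CSV column names, host names and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Fixed versions as stated in the article.
FIXED_CURRENT = (15, 67, 0)   # Windows builds other than 7/8
FIXED_WIN7_8 = (15, 64, 5)    # Windows 7/8 track

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """host,version,os,remote_management
ws-001,15.66.5,Windows 11,yes
ws-002,15.67,Windows 10,yes
ws-003,15.64.3,Windows 7,yes
ws-004,15.64.5,Windows 8,yes
ws-005,15.60.1,Windows 10,no
ws-006,14.7.1,Windows 10,yes
ws-007,not-installed,Windows 10,yes
"""

def parse_version(text):
    """'15.67' -> (15, 67, 0); padding makes 15.67 equal 15.67.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(row):
    """Return a triage status for one inventory row."""
    try:
        version = parse_version(row["version"])
    except ValueError:
        return "UNPARSEABLE"
    # Per the article, only installs using the Remote Management features
    # (Backup, Monitoring, Patch Management) are affected.
    if row["remote_management"].strip().lower() != "yes":
        return "NOT_AFFECTED"
    if version[0] < 15:
        # Older tracks have patches, but the article lists no fixed builds.
        return "CHECK_BULLETIN"
    on_win7_8 = row["os"].startswith(("Windows 7", "Windows 8"))
    fixed = FIXED_WIN7_8 if on_win7_8 else FIXED_CURRENT
    return "VULNERABLE" if version < fixed else "PATCHED"

def triage(inventory_csv):
    """Map host -> status for every row of a CSV inventory export."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as CHECK_BULLETIN run a pre-15 track whose fixed build this article does not give, so compare them against bulletin TV-2025-1002 directly.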
The vulnerability was discovered and responsibly disclosed by security researcher Giuliano Sanfins (0x_alibabas) from SiDi, working in collaboration with Trend Micro’s Zero Day Initiative.