Full Report
TeamViewer has shared a new security update for a flaw in TeamViewer Remote Management for Windows. The vulnerability, officially cataloged as CVE-2025-36537, allows a local, unprivileged user to escalate their privileges and delete files with SYSTEM-level access. According to a TeamViewer security bulletin (ID: TV-2025-1002) published on Tuesday, the flaw stems from incorrect permission assignment for critical resources. This specific weakness, classified under CWE-732, enables attackers to exploit the MSI rollback mechanism within the TeamViewer Remote and Tensor clients (both Full and Host versions) for Windows. Who Is Affected and How the Exploit Works The TeamViewer vulnerability specifically impacts the Remote Management features, including Backup, Monitoring, and Patch Management. Notably, users running TeamViewer without these features are not affected. The exploit requires local access, meaning an attacker must already have some form of presence on the target system. By taking advantage of flawed permissions during the uninstallation process (via MSI rollback), an unprivileged user can delete arbitrary files with SYSTEM-level privileges, potentially compromising the integrity of the entire system. The vulnerability has been rated 7.0 (High) on the CVSS scale, with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Although the attack complexity is considered high due to the need for local access, the potential damage makes it a serious concern for enterprise environments. Affected Versions and Urgent Mitigation Steps The security flaw affects multiple versions of TeamViewer Remote Full Client and Host Client for Windows, including legacy builds. Specifically: Product Versions TeamViewer Remote Full Client (Windows) TeamViewer Remote Full Client (Windows 7/8) TeamViewer Remote Full Client (Windows) TeamViewer Remote Full Client (Windows) TeamViewer Remote Full Client (Windows) TeamViewer Remote Full Client (Windows) TeamViewer Remote Host (Windows) TeamViewer Remote Host (Windows 7/8) TeamViewer Remote Host (Windows) TeamViewer Remote Host (Windows) TeamViewer Remote Host (Windows) TeamViewer Remote Host (Windows) TeamViewer has already released a fix in version 15.67, and users are strongly advised to upgrade immediately. Devices not running the Remote Management features do not require urgent updates, though regular patching is always recommended. Discovery and Disclosure of CVE-2025-36537 The vulnerability was disclosed by Giuliano Sanfins (alias 0x_alibabas) from SiDi, working with the Trend Micro Zero Day Initiative. As of the latest update, there is no indication that CVE-2025-36537 has been exploited in the wild. System administrators should evaluate their deployment of TeamViewer Remote Management, especially where Backup, Monitoring, or Patch Management modules are enabled. Applying the latest updates will eliminate exposure to this TeamViewer vulnerability and help maintain compliance with organizational security standards.
Analysis Summary
# Vulnerability: TeamViewer Remote Management Privilege Escalation Flaw
## CVE Details
- CVE ID: CVE-2025-36537
- CVSS Score: *(Score not explicitly provided in the text, designated as N/A)* (Severity not explicitly provided in the text, designated as N/A)
- CWE: *(CWE not provided in the text)*
## Affected Systems
- Products: TeamViewer Remote Full Client (Windows), TeamViewer Remote Host (Windows)
- Versions:
- TeamViewer Remote Full Client (Windows) < 15.67
- TeamViewer Remote Full Client (Windows 7/8) < 15.64.5
- TeamViewer Remote Full Client (Windows) < 14.7.48809
- TeamViewer Remote Full Client (Windows) < 13.2.36227
- TeamViewer Remote Full Client (Windows) < 12.0.259325
- TeamViewer Remote Full Client (Windows) < 11.0.259324
- TeamViewer Remote Host (Windows) < 15.67
- TeamViewer Remote Host (Windows 7/8) < 15.64.5
- TeamViewer Remote Host (Windows) < 14.7.48809
- TeamViewer Remote Host (Windows) < 13.2.36227
- TeamViewer Remote Host (Windows) < 12.0.259325
- TeamViewer Remote Host (Windows) < 11.0.259324
- Configurations: Systems utilizing TeamViewer Remote Management features, specifically Backup, Monitoring, or Patch Management modules. Devices *not* running Remote Management features do not require urgent updates.
## Vulnerability Description
The flaw is a security flaw that puts Windows systems at risk of **Privilege Escalation**. The vulnerability was reported by Giuliano Sanfins (0x\_alibabas) of SiDi, working with the Trend Micro Zero Day Initiative.
## Exploitation
- Status: PoC available (*Implied by disclosure from ZDI, but explicitly stated as "no indication that CVE-2025-36537 has been exploited in the wild"*)
- Complexity: *(Complexity not specified)*
- Attack Vector: *(Attack Vector not specified, but Privilege Escalation often requires prior access or relies on local execution paths)*
## Impact
- Confidentiality: *(Impact level not specified)*
- Integrity: *(Impact level not specified)*
- Availability: *(Impact level not specified)*
*(Note: Privilege Escalation typically implies high impact across all three categories, but specific details were omitted in the source text.)*
## Remediation
### Patches
- Upgrade TeamViewer Remote Full Client and Remote Host versions to **15.67** or newer.
- For Windows 7/8 systems, upgrade to version **15.64.5** or newer.
- Apply the latest available updates immediately.
### Workarounds
- Devices *not* running the Remote Management features do not require urgent updates (though regular patching is recommended).
## Detection
- **Indicators of Compromise:** *(IOCs not provided)*
- **Detection methods and tools:** System administrators should focus evaluations on deployments where Backup, Monitoring, or Patch Management modules are enabled within TeamViewer Remote Management.
## References
- [Vendor advisory for CVE-2025-36537](https://thecyberexpress.com/cve-2025-36537-teamviewer-remote-management/) (Defanged: thecyberexpress[.]com/cve-2025-36537-teamviewer-remote-management/)