CVE-2025-36537
Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.
This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
*Credits:
Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiativ
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-04-30 CVE Reserved
- 2025-06-24 CVE Published
- 2025-06-25 CVE Updated
- 2025-06-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
- CAPEC-233: Privilege Escalation
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| TeamViewer Search vendor "TeamViewer" | Full Client Search vendor "TeamViewer" for product "Full Client" | >= 15.0.0 < 15.67 Search vendor "TeamViewer" for product "Full Client" and version " >= 15.0.0 < 15.67" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Full Client Search vendor "TeamViewer" for product "Full Client" | >= 14.0.0 < 14.7.48809 Search vendor "TeamViewer" for product "Full Client" and version " >= 14.0.0 < 14.7.48809" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Full Client Search vendor "TeamViewer" for product "Full Client" | >= 13.0.0 < 13.2.36227 Search vendor "TeamViewer" for product "Full Client" and version " >= 13.0.0 < 13.2.36227" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Full Client Search vendor "TeamViewer" for product "Full Client" | >= 12.0.0 < 12.0.259325 Search vendor "TeamViewer" for product "Full Client" and version " >= 12.0.0 < 12.0.259325" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Full Client Search vendor "TeamViewer" for product "Full Client" | >= 11.0.0 < 11.0.259324 Search vendor "TeamViewer" for product "Full Client" and version " >= 11.0.0 < 11.0.259324" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host Search vendor "TeamViewer" for product "Host" | >= 15.0.0 < 15.67 Search vendor "TeamViewer" for product "Host" and version " >= 15.0.0 < 15.67" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host Search vendor "TeamViewer" for product "Host" | >= 14.0.0 < 14.7.48809 Search vendor "TeamViewer" for product "Host" and version " >= 14.0.0 < 14.7.48809" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host Search vendor "TeamViewer" for product "Host" | >= 13.0.0 < 13.2.36227 Search vendor "TeamViewer" for product "Host" and version " >= 13.0.0 < 13.2.36227" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host Search vendor "TeamViewer" for product "Host" | >= 12.0.0 < 12.0.259325 Search vendor "TeamViewer" for product "Host" and version " >= 12.0.0 < 12.0.259325" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host Search vendor "TeamViewer" for product "Host" | >= 11.0.0 < 11.0.259324 Search vendor "TeamViewer" for product "Host" and version " >= 11.0.0 < 11.0.259324" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Full Client (Win7/8) Search vendor "TeamViewer" for product "Full Client (Win7/8)" | >= 15.0.0 < 15.64.5 Search vendor "TeamViewer" for product "Full Client (Win7/8)" and version " >= 15.0.0 < 15.64.5" | en |
Affected
| ||||||
| TeamViewer Search vendor "TeamViewer" | Host (Win7/8) Search vendor "TeamViewer" for product "Host (Win7/8)" | >= 15.0.0 < 15.64.5 Search vendor "TeamViewer" for product "Host (Win7/8)" and version " >= 15.0.0 < 15.64.5" | en |
Affected
| ||||||