
TeamViewer, a popular remote access and support software, has issued a critical security advisory addressing a vulnerability that could allow attackers to gain elevated privileges on Windows systems. The vulnerability, tracked as CVE-2025-0065 and assigned a CVSS score of 7.8 (High), affects TeamViewer Clients for Windows prior to version 15.62.
According to the advisory, the flaw stems from “Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component.” This allows an attacker with local, unprivileged access to inject malicious arguments, ultimately escalating their privileges on the compromised system.
“To exploit this vulnerability, an attacker needs local access to the Windows system,” the advisory clarifies. This means an attacker would need to have already gained some level of access to the target machine, perhaps through phishing or other malware. However, once this initial access is achieved, this vulnerability could allow them to gain complete control.
The good news is that TeamViewer has “no indication that this vulnerability has been or is being exploited in the wild.” Nevertheless, users are strongly urged to update to the latest available version of the TeamViewer client to mitigate the risk.
This vulnerability was discovered by an anonymous researcher working with Trend Micro Zero Day Initiative.
While there is currently no evidence of active exploitation, the CVE-2025-0065 vulnerability presents a significant risk if left unpatched. All Windows users of TeamViewer should update to version 15.62 or later to ensure their systems remain secure. Organizations should also review access control policies to minimize the risk of local privilege escalation attacks.