TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation

TeamViewer, a widely used remote access and management platform, has disclosed a new vulnerability that impacts its Remote Management features on Windows systems. Tracked as CVE-2025-36537, the flaw has been rated 7.0 (High) on the CVSS scale and allows a local unprivileged attacker to delete arbitrary files with SYSTEM privileges, potentially leading to full privilege escalation.

“A vulnerability has been discovered in TeamViewer Remote Management for Windows, which allows an attacker with local unprivileged access to delete files using SYSTEM privileges,” the security advisory states.

The root cause of CVE-2025-36537 is an incorrect permission assignment for a critical resource in the TeamViewer Client (Full and Host versions). The vulnerability stems from a misconfiguration in how the MSI rollback mechanism handles file deletion during the uninstall or rollback process.

This flaw specifically affects installations of TeamViewer Remote and Tensor (prior to version 15.67) on Windows systems with Remote Management features enabled—namely, Backup, Monitoring, and Patch Management.

“The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management,” the advisory clarifies.

An attacker must already have local access to the system to exploit the vulnerability. By leveraging the MSI rollback mechanism, a low-privileged user can delete arbitrary files as if they had SYSTEM-level permissions, thereby opening the door for privilege escalation or further exploitation.

It’s important to note that the vulnerability does not affect devices running TeamViewer without the Remote Management modules enabled. That includes installations solely used for screen sharing or remote desktop access without Backup, Monitoring, or Patch Management features configured.

TeamViewer has released a fix in version 15.67 and urges all users of Remote Management features to upgrade immediately.

Related Posts:

• CVE-2025-0065: TeamViewer Patches Privilege Escalation Vulnerability in Windows Clients
• DLL Sideloading Exposed: TookPS Hides with TeamViewer
• Unpatched WordPress bug puts your website at risk
• Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions
• OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy