Critical TeamViewer Vulnerability Allows File Deletion with SYSTEM Privileges

A serious security vulnerability in TeamViewer's Remote Management solution for Windows could enable attackers with local access to delete arbitrary files using SYSTEM privileges, potentially leading to privilege escalation. Identified as CVE-2025-36537, this flaw was announced on June 24, 2025, and has a CVSS score of 7.0 (High).


Key Details

 

  • Vulnerability Overview: The issue, classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), affects TeamViewer Client installations on Windows, specifically in both Full and Host clients prior to version 15.67.
  • Exploitation Method: According to security bulletin TV-2025-1002, local unprivileged users can exploit the MSI rollback mechanism to trigger arbitrary file deletions with elevated SYSTEM privileges. This vulnerability does not require user interaction, making it particularly concerning.
  • Impact: The CVSS vector string indicates a high-severity vulnerability that could compromise confidentiality, integrity, and availability. It specifically affects TeamViewer’s Remote Management features, including Backup, Monitoring, and Patch Management.
  • Affected Versions: The vulnerability impacts TeamViewer Remote Full Client and Host for Windows across versions 11.0, 12.0, 13.2, 14.7, and 15.x prior to 15.67. For Windows 7/8 systems, versions prior to 15.64.5 are vulnerable.

Recommended Action


TeamViewer has released patches for all affected versions, and users are strongly advised to update to version 15.67 or the latest available version immediately. Organizations should prioritize this update, especially for systems utilizing TeamViewer's Remote Management features.
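
As an added example (not from TeamViewer or the original article), this Python script triages a fleet inventory against the version thresholds stated above and puts hosts that use the Remote Management features first. The CSV columns, status labels and OS-string matching are assumptions; the fixed builds for the 11.x to 14.x branches are not given on this page, so those hosts are flagged for a check against bulletin TV-2025-1002.

```python
import csv
import io

FIXED = (15, 67, 0)               # page: clients prior to 15.67 are affected
FIXED_WIN7_8 = (15, 64, 5)        # page: on Windows 7/8, prior to 15.64.5
LEGACY_MAJORS = {11, 12, 13, 14}  # page lists 11.0, 12.0, 13.2, 14.7; fixed builds not stated

def parse_version(text):
    """'15.66.3' -> (15, 66, 3); pads to three parts; None if not numeric."""
    try:
        parts = tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None
    return parts + (0,) * (3 - len(parts))

def is_win7_or_8(os_name):
    # Assumption: inventory OS strings look like "Windows 7 Professional" or "Windows 8.1".
    name = os_name.lower()
    return "windows 7" in name or "windows 8" in name

def classify(version, os_name, rm_features):
    """Return a status label (labels are this example's own, not TeamViewer's)."""
    v = parse_version(version)
    if v is None or v[0] < 11:
        return "unknown"          # not covered by the advisory text on this page
    if v[0] in LEGACY_MAJORS:
        return "check-bulletin"   # affected branch; fixed build number not on the page
    threshold = FIXED_WIN7_8 if is_win7_or_8(os_name) else FIXED
    if v >= threshold:
        return "patched"
    # Backup / Monitoring / Patch Management in use: update these hosts first.
    return "update-first" if rm_features else "update"

# Constructed sample inventory (hypothetical hosts and columns).
SAMPLE = """host,version,os,rm_features
ws-01,15.66.3,Windows 11 Pro,yes
ws-02,15.67.3,Windows 10 Enterprise,no
ws-03,15.64.5,Windows 10 Pro,no
kiosk-7,15.64.5,Windows 7 Professional,no
kiosk-8,15.64.3,Windows 8.1,yes
lab-01,14.7.1,Windows 10 Pro,no
"""

def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["version"], r["os"],
                                r["rm_features"].strip().lower() == "yes") for r in rows}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
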

 

The vulnerability was discovered and responsibly disclosed by security researcher Giuliano Sanfins (0x_alibabas) from SiDi, in collaboration with Trend Micro’s Zero Day Initiative. While there is currently no evidence of exploitation in the wild, organizations should act swiftly to mitigate potential risks.