Incorrect Permission Assignment in TeamViewer Client for Remote Management Features
CVE-2025-36537
What is CVE-2025-36537?
A vulnerability in the TeamViewer Client's Remote Management features prior to version 15.67 on Windows permits local unprivileged users to exploit incorrect permission assignments. By leveraging the MSI rollback mechanism, these users can execute arbitrary file deletions with elevated SYSTEM privileges, potentially compromising the integrity of the system. This issue specifically affects features related to Backup, Monitoring, and Patch Management, exposing critical resources to unauthorized actions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Full Client (Win7/8) Windows 15.0.0 < 15.64.5
Full Client Windows 15.0.0 < 15.67
Full Client Windows 14.0.0 < 14.7.48809
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved