Teamviewer: Rights expansion possible due to security vulnerability

Teamviewer warns of a security vulnerability in the remote maintenance software for Windows. Attackers can use it to extend their rights. Updated packages are available to plug the security leak.

In the security announcement, the developers of Teamviewer write that due to insufficient filtering of separations of passed arguments in "TeamViewer_service.exe", attackers with low rights to the Windows system can extend their rights through argument injection (CVE-2025-0065, CVSS 7.8, risk"high").

Teamviewer: Update recommendation from the manufacturer

To abuse the vulnerability, attackers must have access to the Windows system –, which is a given for privilege escalation anyway. So far, Teamviewer has no evidence that the vulnerability has been or is being exploited in the wild.

The bugs can be found in Teamviewer Remote and Teamviewer Tensor. The company offers numerous updated packages that close the vulnerability. Teamviewer Full Client (Windows) 11.0.259318, 12.0.259319, 13.2.36226, 14.7.48799 and 15.62 as well as Teamviewer Host (Windows) 11.0.259318, 12.0.259319, 13.2.36226, 14.7.48799 and 15.62 are available for download on the Teamviewer download page.

Teamviewer recommends that IT managers update to the latest available software version. The manufacturer does not mention any other countermeasures that would mitigate the effects of the vulnerability for a transitional period.

The last known vulnerability in the Teamviewer remote maintenance software was in September 2024. There, too, attackers were able to extend their rights in the system, which was due to insufficient cryptographic checking of driver installations – they were also able to install drivers as a result. The risk was assessed as "high", but with a CVSS value of 8.8, it only narrowly missed being classified as a critical vulnerability.

(dmk)