Teamviewer: Attackers can escalate their privileges on the system

Teamviewer warns of a security vulnerability in remote management that could allow attackers to escalate their privileges to SYSTEM.


Teamviewer warns of a security vulnerability in Teamviewer Remote Management for Windows that allows attackers to escalate their privileges to SYSTEM. Updated software packages of the remote maintenance solution are available to close the hole.

In a security announcement, the Teamviewer developers explain that, because of the vulnerability, users with low local privileges can delete files with SYSTEM rights. This could be abused to escalate their privileges (CVE-2025-36537 / EUVD-2025-19030, CVSS 7.0, risk "high"). In more detail: an incorrect permission assignment for a critical component in the Teamviewer Client (both Full and Host) of Teamviewer Remote and the monitoring component Tensor under Windows allows users with low privileges to trigger the deletion of arbitrary files with SYSTEM rights. The deletion can be triggered via the MSI rollback mechanism.

This only affects the remote management functions backup, monitoring, and patch management. Installations under Windows that do not have any of these components running are therefore not vulnerable. Teamviewer has not yet detected any signs of attacks via the Internet. Version 15.67 of the Teamviewer software fixes the vulnerability. Teamviewer recommends that customers update to the latest available version.


Teamviewer also provides updates for older versions: Teamviewer Remote Full Client for Windows and Teamviewer Remote Host for Windows no longer contain the security vulnerability in versions 15.67, 14.7.48809, 13.2.36227, 12.0.259325 and 11.0.259324. There is also an update to 15.64.5 for the software under Windows 7 and 8, which can be downloaded from the Teamviewer download page.
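The fixed versions and the remote management condition described above can be turned into a triage check over a software inventory. This is an added example, not code from Teamviewer or from the article; the CSV layout, host names and status labels are assumptions, as is reading 15.64.5 as the patched build for the 15.x branch on Windows 7 and 8.

```python
import csv, io

# Fixed builds per major branch, as listed in the article.
FIXED = {15: "15.67", 14: "14.7.48809", 13: "13.2.36227",
         12: "12.0.259325", 11: "11.0.259324"}
LEGACY_FIXED_15 = "15.64.5"   # article: update for Windows 7 and 8
# Only these Remote Management functions expose the flaw (per the article).
RM_COMPONENTS = {"backup", "monitoring", "patch management"}

def parse_version(text, width=4):
    """'15.66.5' -> (15, 66, 5, 0); padded so tuples compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def triage(version, components=(), legacy_windows=False):
    """Classify one Windows install of the Full or Host client."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "unknown-branch"          # article names no fix for this branch
    if v[0] == 15 and legacy_windows:
        fixed = LEGACY_FIXED_15          # assumption: fixed build on Win 7/8
    if v >= parse_version(fixed):
        return "patched"
    active = {c.strip().lower() for c in components} & RM_COMPONENTS
    return "vulnerable" if active else "unpatched-not-exposed"

# Constructed inventory export; hosts and column names are hypothetical.
SAMPLE = """host,version,os,components
ws-01,15.66.5,Windows 11,monitoring;patch management
ws-02,15.67.3,Windows 11,backup
srv-03,14.7.48808,Windows Server 2019,
old-04,15.64.5,Windows 7,backup
old-05,15.63.4,Windows 8,monitoring
kiosk-06,12.0.259325,Windows 10,backup
"""

def triage_inventory(csv_text):
    """Return {host: status} for every row of the inventory export."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        legacy = row["os"].strip() in ("Windows 7", "Windows 8")
        comps = [c for c in row["components"].split(";") if c]
        result[row["host"]] = triage(row["version"], comps, legacy)
    return result

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unpatched-not-exposed` run an old build without any of the three remote management functions; they still belong on the update list, since enabling one of those functions later would expose them.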

In January, Teamviewer also reported a security vulnerability that allowed malicious actors to escalate their privileges. Then, too, the Windows software in particular was affected.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.