vulnerability

TeamViewer Remote: CVE-2025-36537: Incorrect Permission Assignment for Critical Resource

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	Jun 24, 2025	Jul 21, 2025	Jul 21, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Jun 24, 2025

Added

Jul 21, 2025

Modified

Jul 21, 2025

Description

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.

Solution

teamviewer-remote-upgrade-latest

References

CWE-732
CVE-2025-36537
https://attackerkb.com/topics/CVE-2025-36537
URL-https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today