CVE-2025-36537
Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
TeamViewer · Full ClientTeamViewer · Full Client (Win7/8)TeamViewer · HostTeamViewer · Host (Win7/8)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →