CVE-2025-36537
Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
TeamViewer · Full ClientTeamViewer · Full Client (Win7/8)TeamViewer · HostTeamViewer · Host (Win7/8)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →