CVE-2025-36537 (GCVE-0-2025-36537)
Vulnerability from cvelistv5
Published
2025-06-24 14:24
Modified
2025-06-24 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Summary
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TeamViewer | Full Client |
Version: 15.0.0 < 15.67 Version: 14.0.0 < 14.7.48809 Version: 13.0.0 < 13.2.36227 Version: 12.0.0 < 12.0.259325 Version: 11.0.0 < 11.0.259324 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T14:45:18.947774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:31:17.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Full Client",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.67",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
},
{
"lessThan": "14.7.48809",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
},
{
"lessThan": "13.2.36227",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "12.0.259325",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "11.0.259324",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Host",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.67",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
},
{
"lessThan": "14.7.48809",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
},
{
"lessThan": "13.2.36227",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "12.0.259325",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "11.0.259324",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Full Client (Win7/8)",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.64.5",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Host (Win7/8)",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.64.5",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiativ"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:44:54.915Z",
"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"shortName": "TV"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the latest version."
}
],
"value": "Update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"assignerShortName": "TV",
"cveId": "CVE-2025-36537",
"datePublished": "2025-06-24T14:24:08.394Z",
"dateReserved": "2025-04-30T08:08:15.966Z",
"dateUpdated": "2025-06-24T15:31:17.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-36537\",\"sourceIdentifier\":\"psirt@teamviewer.com\",\"published\":\"2025-06-24T15:15:24.453\",\"lastModified\":\"2025-06-26T18:58:14.280\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.\"},{\"lang\":\"es\",\"value\":\"La asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en TeamViewer Client (Full y Host) de TeamViewer Remote y Tensor (versi\u00f3n anterior a la 15.67) en Windows permite que un usuario local sin privilegios active la eliminaci\u00f3n arbitraria de archivos con privilegios de SYSTEM mediante el mecanismo de reversi\u00f3n de MSI. La vulnerabilidad solo afecta a las funciones de administraci\u00f3n remota: copia de seguridad, monitorizaci\u00f3n y administraci\u00f3n de parches.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@teamviewer.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002/\",\"source\":\"psirt@teamviewer.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36537\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T14:45:18.947774Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T14:46:04.928Z\"}}], \"cna\": {\"title\": \"Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiativ\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TeamViewer\", \"product\": \"Full Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.67\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"14.0.0\", \"lessThan\": \"14.7.48809\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"13.0.0\", \"lessThan\": \"13.2.36227\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"lessThan\": \"12.0.259325\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.0.0\", \"lessThan\": \"11.0.259324\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TeamViewer\", \"product\": \"Host\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.67\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"14.0.0\", \"lessThan\": \"14.7.48809\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"13.0.0\", \"lessThan\": \"13.2.36227\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"lessThan\": \"12.0.259325\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"11.0.0\", \"lessThan\": \"11.0.259324\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TeamViewer\", \"product\": \"Full Client (Win7/8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.64.5\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TeamViewer\", \"product\": \"Host (Win7/8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.64.5\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to the latest version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to the latest version.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIncorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management\"}]}], \"providerMetadata\": {\"orgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"shortName\": \"TV\", \"dateUpdated\": \"2025-06-24T14:44:54.915Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-36537\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-24T15:31:17.734Z\", \"dateReserved\": \"2025-04-30T08:08:15.966Z\", \"assignerOrgId\": \"13430f76-86eb-43b2-a71c-82c956ef31b6\", \"datePublished\": \"2025-06-24T14:24:08.394Z\", \"assignerShortName\": \"TV\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…