Security Bulletins

TV-2025-1001

Improper Neutralization of Argument Delimiters in TeamViewer Clients

Bulletin ID
TV-2025-1001
Issue Date
Jan 28, 2025
Last Update
Jan 28, 2025
Priority
Important
CVSS
7.8 (High)
Assigned CVE
CVE-2025-0065
Affected Products
TeamViewer Remote
TeamViewer Tensor

1. Summary

A vulnerability has been discovered in the TeamViewer Clients for Windows which allows local privilege escalation on a Windows system.

2. Vulnerability Details

CVE-ID

Description

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior version 15.62 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.

 

To exploit this vulnerability, an attacker needs local access to the Windows system.

 

We have no indication that this vulnerability has been or is being exploited in the wild.

 

The vulnerability has been fixed with version 15.62 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 7.8 (High)

CVSS3.1 Vector String

Problem type

3. Affected products and versions

Product Versions Info

TeamViewer Full Client (Windows)

< 15.62

TeamViewer Full Client (Windows)

< 14.7.48799

TeamViewer Full Client (Windows)

< 13.2.36226

TeamViewer Full Client (Windows)

< 12.0.259319

TeamViewer Full Client (Windows)

< 11.0.259318

TeamViewer Host (Windows)

< 15.62

TeamViewer Host (Windows)

< 14.7.48799

TeamViewer Host (Windows)

< 13.2.36226

TeamViewer Host (Windows)

< 12.0.259319

TeamViewer Host (Windows)

< 11.0.259318

4. Solutions and mitigations

Update to the latest version (15.62 or the latest version available)

5. Acknowledgments

Anonymous of Trend Micro Zero Day Initiative