A critical security vulnerability has been identified in TeamViewer Clients for Windows, allowing attackers with local access to escalate their privileges to the system level.
The flaw, tracked as CVE-2025-0065, affects versions of TeamViewer Full Client and Host prior to 15.62, posing a significant risk to users who have not updated their software.
Vulnerability Overview
The issue arises from an Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component.
This vulnerability, classified under CWE-88 (Argument Injection), enables attackers to inject malicious arguments into the service, leading to privilege escalation.
By exploiting this flaw, an attacker with unprivileged local access can execute commands with elevated privileges, potentially compromising the confidentiality, integrity, and availability of the system.
This vulnerability was discovered by an anonymous researcher working with Trend Micro’s Zero Day Initiative.
Technical Details
CVE-2025-0065 is a high-severity vulnerability with a CVSS v3.1 score of 7.8, classified under CWE-88 – Improper Neutralization of Argument Delimiters in a Command.
The exploit requires local access to the target system but does not require user interaction, making it relatively easy to execute.
With low attack complexity, a successful exploit can lead to high confidentiality, integrity, and availability impacts, potentially allowing an attacker to manipulate command execution on the affected system.
The vulnerability occurs because TeamViewer_service.exe fails to properly sanitize input parameters. This allows attackers to inject specially crafted arguments into the command string, which are then executed with elevated privileges by the service.
“We have no indication that this vulnerability has been or is being exploited in the wild”, reads the advisory.
The following versions of TeamViewer Full Client and Host for Windows are vulnerable:
TeamViewer has released a patch addressing this vulnerability in version 15.62 and strongly recommends users update their software immediately to mitigate potential risks.
To protect against exploitation, users should update to version 15.62 or later by downloading it from the official TeamViewer website or using the built-in update mechanism.
Additionally, implementing security best practices is crucial, such as restricting physical and remote access to systems running TeamViewer, using firewalls to limit unauthorized communication, and segmenting critical systems within the network.
Regular monitoring and auditing of systems are also advised, including reviewing logs for suspicious activity and conducting periodic security audits to identify potential vulnerabilities.
CVE-2025-0065 highlights the importance of maintaining up-to-date software and implementing robust security measures against potential vulnerabilities.
Users are strongly advised to upgrade their TeamViewer installations and adopt proactive monitoring practices to safeguard their systems against exploitation attempts.
Collect Threat Intelligence with TI Lookup to Improve Your Company’s Security - Get 50 Free Request