A vulnerability has been discovered in the TeamViewer Clients for Windows

Threat ID:CC-4613

Threat Severity:Medium

Published:31 January 2025 4:13 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: TeamViewer Remote and TeamViewer Tensor

TeamViewer

TeamViewer Full Client (Windows) prior to 15.62
TeamViewer Full Client (Windows) prior to 14.7.48799
TeamViewer Full Client (Windows) prior to 13.2.36226
TeamViewer Full Client (Windows) prior to 12.0.259319
TeamViewer Host (Windows) prior to 15.62
TeamViewer Host (Windows) prior to 14.7.48799
TeamViewer Host (Windows) prior to 13.2.36226
TeamViewer Host (Windows) prior to 12.0.259319
TeamViewer Host (Windows) prior to 11.0.259318

Threat details

Introduction

TeamViewer has released a security advisory addressing a new vulnerability within the TeamViewer Remote Windows Clients. TeamViewer is a popular remote access and control software.

CVE-2025-0065 is an 'improper neutralization of argument delimiters in a command' vulnerability with a CVSSv3 score of 7.8. An unprivileged attacker with local Windows access could use this flaw to elevate privileges through the use of argument injection.

Remediation advice

Affected organisations are encouraged to read TeamViewer's security advisory and to apply security updates as soon as practicable.

Definitive source of threat updates

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/

CVE Vulnerabilities

StatusPublished

CVE-2025-0065Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.

Last edited: 31 January 2025 4:13 pm