Description
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges by leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.
Problem types
Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Product status
15.0.0 (custom) before 15.67
14.0.0 (custom) before 14.7.48809
13.0.0 (custom) before 13.2.36227
12.0.0 (custom) before 12.0.259325
11.0.0 (custom) before 11.0.259324
15.0.0 (custom) before 15.67
14.0.0 (custom) before 14.7.48809
13.0.0 (custom) before 13.2.36227
12.0.0 (custom) before 12.0.259325
11.0.0 (custom) before 11.0.259324
15.0.0 (custom) before 15.64.5
15.0.0 (custom) before 15.64.5
Credits
Giuliano Sanfins (0x_alibabas) from SiDi, working with Trend Micro Zero Day Initiative
References
www.teamviewer.com/...enter/security-bulletins/tv-2025-1002/