[German]A security vulnerability classified as high has become known in the TeamViewer client. In a security advisory dated January 28, 2025, the manufacturer warns of the vulnerability CVE-2025-0065 in its client and recommends updating to version 15.62.
Advertising
A blog reader pointed out the issue to me via a private Facebook message (thanks for that), which I have also come across elsewhere. TeamViewer Support published the security warning Improper Neutralization of Argument Delimiters in TeamViewer Clients on January 28, 2025.
The vulnerability CVE-2025-0065 was discovered in the TeamViewer clients for Windows, which allows local privilege escalation on a Windows system. The vulnerability is classified as High with a CVSS index of 7.8.
The cause is an improper neutralization of arguments in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior to version 15.62 (and other versions listed in the security warning). This allows an attacker with local, unprivileged access to a Windows system to elevate their privileges through argument injection.
To exploit this vulnerability, an attacker needs local access to the Windows system. The TeamViewer developers have no evidence that this vulnerability has been or is being exploited in the wild.
The vulnerability has been fixed with version 15.62 and the additional versions listed in the security warning. It is recommended to update to the latest available version. Here is the list of updated clients:
Advertising
- TeamViewer Full Client (Windows) < 14.7.48799
- TeamViewer Full Client (Windows) < 13.2.36226
- TeamViewer Full Client (Windows) < 12.0.259319
- TeamViewer Full Client (Windows) < 11.0.259318
- TeamViewer Host (Windows) < 15.62
- TeamViewer Host (Windows) < 14.7.48799
- TeamViewer Host (Windows) < 13.2.36226
- TeamViewer Host (Windows) < 12.0.259319
- TeamViewer Host (Windows) < 11.0.259318
The clients can be downloaded from the TeamViewer pages.
Advertising
