January 30, 2025 By Pierluigi Paganini
TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications.
TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows.
The vulnerability is an improper neutralization of argument delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior to version 15.62 for Windows. An attacker with local access could exploit the flaw to achieve local privilege escalation on a Windows system.
“Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior version 15.62 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.” reads the advisory. “To exploit this vulnerability, an attacker needs local access to the Windows system.”
The vulnerability affects TeamViewer Full Client and TeamViewer Host versions 11.x, 12.x, 13.x, 14.x, and 15.x. The company released versions 15.62, 14.7.48799, 13.2.36226, 12.0.259319, and 11.0.259318 to address the vulnerability.
