TeamViewer fixed a vulnerability in Windows client and host applications
TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications.
TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows.
The vulnerability is an improper neutralization of argument delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior to version 15.62 for Windows. An attacker with local access could exploit the flaw to achieve local privilege escalation on a Windows system.
“Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior version 15.62 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection,” reads the advisory. “To exploit this vulnerability, an attacker needs local access to the Windows system.”
The vulnerability affects TeamViewer Full Client and TeamViewer Host versions 11.x, 12.x, 13.x, 14.x, and 15.x. The company released versions 15.62, 14.7.48799, 13.2.36226, 12.0.259319, and 11.0.259318 to address the vulnerability.
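A triage check for the versions listed above, added here as an example and not taken from TeamViewer's advisory: it classifies version strings from a software inventory against the first fixed release of each branch. The function names, status labels and sample inventory are assumptions made for illustration.

```python
# Added example: triage TeamViewer for Windows versions against CVE-2025-0065.
import re

# First fixed release per major branch, as listed in the article.
FIXED = {
    15: (15, 62),
    14: (14, 7, 48799),
    13: (13, 2, 36226),
    12: (12, 0, 259319),
    11: (11, 0, 259318),
}

def parse_version(text):
    """Turn '15.61.3' into (15, 61, 3); return None for anything malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-listed"  # branch outside 11.x-15.x, not covered by the article
    # Numeric tuple comparison: 15.9.4 sorts below 15.62, which a plain
    # string comparison would get wrong.
    return "vulnerable" if version < fixed else "patched"

def triage(inventory):
    """Map host -> status for an iterable of (host, version) pairs."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "15.61.3"),
    ("ws-002", "15.62.4"),
    ("ws-003", "15.9.4"),
    ("srv-010", "14.7.48798"),
    ("srv-011", "11.0.259318"),
    ("kiosk-7", "10.0.1"),
    ("lab-3", "15.x"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparseable` need manual review, since the article only states the fixed releases for the 11.x to 15.x branches.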
The company is not aware of attacks in the wild exploiting this vulnerability.
An anonymous researcher from Trend Micro Zero Day Initiative reported the flaw.