A critical vulnerability, CVE-2025-36537, has been identified in TeamViewer’s Remote Management solution for Windows, allowing local unprivileged attackers to delete arbitrary files with SYSTEM-level privileges. This flaw, assigned a CVSS score of (High), poses a serious risk for privilege escalation and system compromise. Notably, it affects TeamViewer Remote Full and Host clients on Windows systems running versions prior to 15.67, including older versions dating back to 11.0.259324. However, only installations with Remote Management components (Backup, Monitoring, and Patch Management) are vulnerable standard TeamViewer setups are not affected.

The vulnerability stems from incorrect permission assignments (CWE-732) and is rooted in how the software’s MSI rollback mechanism handles file operations. Once a local attacker gains access to a vulnerable system, they can exploit this flaw without requiring any user interaction, enabling unauthorized deletion of system-critical files with elevated privileges. This could be used to disable security software or corrupt system integrity, forming part of a broader privilege escalation attack chain.

As of now, there is no evidence of active exploitation in the wild, but given that the technical details are public, the window for opportunistic attacks is now open. The attack surface is limited to local access, making it more relevant to multi-user environments or systems already compromised through other means. Still, due to the high potential impact on confidentiality, integrity, and availability, it represents a significant security threat for any organization using the affected features.

TeamViewer has released patches, with version 15.67 or later, addressing the issue. Organizations are urged to immediately update all affected systems, particularly those with Remote Management enabled. Security researcher Giuliano Sanfins (0x_alibabas), in collaboration with the Trend Micro Zero Day Initiative, responsibly disclosed the vulnerability, reinforcing the importance of timely vulnerability management in third-party software environments.