CVE-2025-0065
Published: 28 January 2025
Description
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.
Security Summary
CVE-2025-0065 involves improper neutralization of argument delimiters (CWE-88) in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows. Published on January 28, 2025, the vulnerability enables argument injection, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on system confidentiality, integrity, and availability.
An attacker requires local unprivileged access on a targeted Windows system to exploit this flaw. With low attack complexity and no user interaction needed, they can inject malicious arguments into the service process, achieving privilege escalation from a low-privileged account to higher privileges, potentially granting full system control.
TeamViewer's security bulletin (TV-2025-1001) at https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/ addresses the vulnerability, recommending an update to TeamViewer Client version 15.62 or later to mitigate the argument injection risk.
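To confirm whether a host still runs an affected build, the following added example (not taken from TeamViewer's bulletin) finds any registered Windows service whose image is TeamViewer_service.exe and compares the binary's file version with 15.62. It assumes the file-version resource of the binary tracks the client version; the function names are hypothetical.

```powershell
# Added example: report TeamViewer service binaries older than the fixed release.
# Assumption: the file version of TeamViewer_service.exe matches the client version.
$FixedVersion = [version]'15.62'            # fixed release named in the advisory
$BinaryName   = 'TeamViewer_service.exe'    # component named in the advisory

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName can be quoted and can carry trailing arguments.
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-TeamViewerServiceStatus {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like "*$BinaryName*" } |
        ForEach-Object {
            $path = Get-ServiceBinaryPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                # Service entry exists but the image could not be resolved.
                [pscustomobject]@{
                    Service = $_.Name; Path = $path; Version = $null
                    Status  = 'BinaryNotFound'
                }
                return
            }
            # Build the version from numeric parts; the FileVersion string
            # is free-form and not always parseable.
            $vi  = (Get-Item -LiteralPath $path).VersionInfo
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Service = $_.Name
                Path    = $path
                Version = $ver
                Status  = if ($ver -ge $FixedVersion) { 'Patched' } else { 'Vulnerable' }
            }
        }
}

Get-TeamViewerServiceStatus | Format-Table -AutoSize
```

No output means no service on the host points at TeamViewer_service.exe.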
Details
- CWE(s)