CVE-2025-0065

Summary

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.

Affected Software

VendorProductVersion RangeStatus
TeamViewerRemote Full Client15.0.0 < 15.62affected
TeamViewerRemote Full Client14.0.0 < 14.7.48799affected
TeamViewerRemote Full Client13.0.0 < 13.2.36226affected
TeamViewerRemote Full Client12.0.0 < 12.0.259319affected
TeamViewerRemote Full Client11.0.0 < 11.0.259318affected
TeamViewerRemote Host15.0.0 < 15.62affected
TeamViewerRemote Host14.0.0 < 14.7.48799affected
TeamViewerRemote Host13.0.0 < 13.2.36226affected
TeamViewerRemote Host12.0.0 < 12.0.259319affected
TeamViewerRemote Host11.0.0 < 11.0.259318affected

Weaknesses

  • CWE-88: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References