TeamViewer Clients <15.62: TA_Service.exe Arg Injection Escalate Privileges
CVE-2025-0065 Published on January 28, 2025
Improper Neutralization of Argument Delimiters in TeamViewer Clients
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.
Vulnerability Analysis
CVE-2025-0065 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2025-0065 has been classified to as an Argument Injection vulnerability or weakness.
Products Associated with CVE-2025-0065
Want to know whenever a new CVE is published for TeamViewer? stack.watch will email you.
Affected Versions
TeamViewer Remote Full Client:- Version 15.0.0 and below 15.62 is affected.
- Version 14.0.0 and below 14.7.48799 is affected.
- Version 13.0.0 and below 13.2.36226 is affected.
- Version 12.0.0 and below 12.0.259319 is affected.
- Version 11.0.0 and below 11.0.259318 is affected.
- Version 15.0.0 and below 15.62 is affected.
- Version 14.0.0 and below 14.7.48799 is affected.
- Version 13.0.0 and below 13.2.36226 is affected.
- Version 12.0.0 and below 12.0.259319 is affected.
- Version 11.0.0 and below 11.0.259318 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.