Cyber Resilience

CVE-2025-0065

High

Published: 28 January 2025

Published
28 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 20.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0065 is a high-severity Argument Injection (CWE-88) vulnerability in Teamviewer (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-0065 involves improper neutralization of argument delimiters (CWE-88) in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows. Published on January 28, 2025, the vulnerability enables argument injection, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on system confidentiality, integrity, and availability.

An attacker requires local unprivileged access on a targeted Windows system to exploit this flaw. With low attack complexity and no user interaction needed, they can inject malicious arguments into the service process, achieving privilege escalation from a low-privileged account to higher privileges, potentially granting full system control.

TeamViewer's security bulletin (TV-2025-1001) at https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001/ addresses the vulnerability, recommending an update to TeamViewer Client version 15.62 or later to mitigate the argument injection risk.

EU & UK References

Vulnerability details

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local argument injection into TeamViewer service directly enables exploitation for privilege escalation (T1068) from unprivileged local access to SYSTEM-level control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0634Shared CWE-88
CVE-2026-4145Shared CWE-88
CVE-2025-15316Shared CWE-88
CVE-2026-41013Shared CWE-88
CVE-2025-15315Shared CWE-88
CVE-2025-12556Shared CWE-88
CVE-2026-1715Shared CWE-88
CVE-2026-24061Shared CWE-88
CVE-2026-31230Shared CWE-88
CVE-2026-40113Shared CWE-88

Affected Assets

Teamviewer
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely patching of TeamViewer to version 15.62 or later as recommended in the vendor security bulletin.

preventdetect

Enables identification of systems with vulnerable TeamViewer versions through scanning, facilitating targeted remediation of the argument injection flaw.

prevent

Limits the impact of privilege escalation from argument injection by ensuring the TeamViewer service and user accounts operate with least privilege.

References