CVE-2022-50931 – TeamSpeak 3.5.6 has insecure file permissions t... (How to Fix)

Q: What is the severity of CVE-2022-50931?

CVE-2022-50931 has a CVSS score of 7.8 (HIGH). TeamSpeak 3.5.6 has insecure file permissions that allow local attackers to replace executable files with malicious binaries. This enables privilege escalation where attackers can replace system executables to potentially gain SYSTEM or Administrator-level access. Only users running TeamSpeak 3.5.6 on Windows systems are affected.

📋 TL;DR

TeamSpeak 3.5.6 has insecure file permissions that allow local attackers to replace executable files with malicious binaries. This enables privilege escalation where attackers can replace system executables to potentially gain SYSTEM or Administrator-level access. Only users running TeamSpeak 3.5.6 on Windows systems are affected.

💻 Affected Systems

Products:

TeamSpeak 3 Client

Versions: 3.5.6

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows installations. Requires local access to the system where TeamSpeak is installed.

📦 What is this software?

Teamspeak by Teamspeak

View all CVEs affecting Teamspeak →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains SYSTEM privileges, enabling complete system compromise, data theft, persistence, and lateral movement within the network.

🟠

Likely Case

Local attacker gains Administrator privileges, allowing installation of malware, credential theft, and privilege escalation on the affected system.

🟢

If Mitigated

Attack fails due to proper file permissions, user account restrictions, or security software preventing binary replacement.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.

🏢 Internal Only: HIGH - Internal attackers with local access can exploit this to escalate privileges and compromise systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access to the system. Public exploit code is available on Exploit-DB (ID 50743).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.7 and later

Vendor Advisory: https://www.teamspeak.com

Restart Required: Yes

Instructions:

1. Download TeamSpeak 3.5.7 or later from teamspeak.com. 2. Uninstall TeamSpeak 3.5.6. 3. Install the updated version. 4. Restart the system.

🔧 Temporary Workarounds

Restrict File Permissions

windows

Manually set proper file permissions on TeamSpeak installation directory to prevent unauthorized file modifications.

icacls "C:\Program Files\TeamSpeak 3 Client\*" /inheritance:r /grant:r "%USERNAME%":(R,W) /grant:r "SYSTEM":(F) /grant:r "Administrators":(F)

Run as Standard User

windows

Run TeamSpeak with standard user privileges instead of Administrator privileges to limit potential damage.

🧯 If You Can't Patch

Remove TeamSpeak 3.5.6 from all systems until patched version can be installed.
Implement strict access controls and monitoring on systems with TeamSpeak 3.5.6 installed.

🔍 How to Verify

Check if Vulnerable:

Check TeamSpeak version in Help > About. If version is 3.5.6, system is vulnerable.

Check Version:

Check Help > About in TeamSpeak client or examine installed programs in Windows Control Panel.

Verify Fix Applied:

Verify TeamSpeak version is 3.5.7 or later in Help > About. Check file permissions on TeamSpeak executables.

📡 Detection & Monitoring

Log Indicators:

Windows Event Log entries showing file permission changes in TeamSpeak directory
Unexpected file modifications to ts3client_win32.exe or other TeamSpeak executables

Network Indicators:

Unusual network connections from TeamSpeak process after exploitation

SIEM Query:

EventID=4663 AND ObjectName LIKE '%TeamSpeak%' AND Accesses LIKE '%WRITE_DAC%' OR Accesses LIKE '%WRITE_OWNER%'

📊 Metadata

CVE ID: CVE-2022-50931

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

EPSS Score: 0.02% exploit probability (2.7th percentile)

Published: January 13, 2026

Last Updated: February 2, 2026

🔗 References

https://www.exploit-db.com/exploits/50743 Exploit,Third Party Advisory
https://www.teamspeak.com Product
https://www.teamspeak.com/en/downloads Product
https://www.vulncheck.com/advisories/teamspeak-insecure-file-permissions Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50931, you might also want to check these: