CVE-2025-64990

Medium CVSS: 6.8

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

Vendor

Teamviewer

Product

Digital Employee Experience

CWE

CWE-20

Yayın Tarihi

2025-12-11 12:16:25

Güncelleme

2026-01-14 20:18:58

Source Identifier

psirt@teamviewer.com

KEV Date Added

Kategoriler

CWE-20 Digital Employee Experience MEDIUM Teamviewer 2025

Referanslar

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/

Benzer Kayıtlar

Medium

CVE-2026-23565

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23566

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23567

An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution S…

Medium

CVE-2026-23568

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23569

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution S…