CVE-2025-64994

Medium CVSS: 6.5

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.

Vendor

Teamviewer

Product

Digital Employee Experience

CWE

CWE-427

Yayın Tarihi

2025-12-11 12:16:26

Güncelleme

2026-01-09 02:04:09

Source Identifier

psirt@teamviewer.com

KEV Date Added

Kategoriler

CWE-427 Digital Employee Experience MEDIUM Teamviewer 2025

Referanslar

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/

Benzer Kayıtlar

Medium

CVE-2026-23565

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23566

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior versi…

Medium

CVE-2026-23567

An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution S…

Medium

CVE-2026-23568

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23569

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (Noma…

Medium

CVE-2026-23570

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution S…