CVE-2025-64990

MEDIUM

TeamViewer DEX < 21.1 - Authenticated Command Injection via 1E-Explorer-TachyonCore-LogoffUser Instruction

Title source: llm

Description

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

References (1)

Core 1

Core References

Vendor Advisory

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/

Scores

CVSS v3 6.8

EPSS 0.0072

EPSS Percentile 49.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (1)

teamviewer/digital_employee_experience < 21.1

Published Dec 11, 2025

Tracked Since Feb 18, 2026