CVE-2025-64992

MEDIUM

TeamViewer DEX < 25.0 - Authenticated Command Injection via 1E-Nomad-PauseNomadJobQueue

Title source: llm

Description

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

References (1)

Core 1

Core References

Vendor Advisory

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/

Scores

CVSS v3 6.8

EPSS 0.0076

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20 CWE-77

Status published

Products (1)

teamviewer/digital_employee_experience < 25.0

Published Dec 11, 2025

Tracked Since Feb 18, 2026