Home

Description

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

PUBLISHED Reserved 2025-04-30 | Published 2025-12-11 | Updated 2025-12-11 | Assigner TV




HIGH: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version before 25.11.0.29
affected

Any version
affected

Any version
affected

Any version
affected

Credits

Threat Hunt Team of Bank of America finder

References

www.teamviewer.com/...enter/security-bulletins/tv-2025-1005/

cve.org (CVE-2025-44016)

nvd.nist.gov (CVE-2025-44016)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.