Home

Description

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.

PUBLISHED Reserved 2025-11-12 | Published 2025-12-11 | Updated 2025-12-11 | Assigner TV




MEDIUM: 6.5CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

Any version before 17.1
affected

Credits

Lockheed Martin Red Team finder

References

www.teamviewer.com/...enter/security-bulletins/tv-2025-1006/

cve.org (CVE-2025-64994)

nvd.nist.gov (CVE-2025-64994)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.