Home

Description

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.

PUBLISHED Reserved 2025-11-12 | Published 2025-12-11 | Updated 2025-12-11 | Assigner TV




MEDIUM: 6.5CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

Any version before 3.4
affected

Credits

Lockheed Martin Red Team finder

References

www.teamviewer.com/...enter/security-bulletins/tv-2025-1006/

cve.org (CVE-2025-64995)

nvd.nist.gov (CVE-2025-64995)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.