6.5
CVE-2025-64994 - Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate priβ¦
6.8
CVE-2025-64993 - Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execβ¦
6.8
CVE-2025-64992 - Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remoβ¦
6.8
CVE-2025-64991 - Command Injection in 1E-PatchInsights-Deploy Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote eβ¦
6.8
CVE-2025-64990 - Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enaβ¦
7.2
CVE-2025-64989 - Command Injection in 1E-Explorer-TachyonCore-FindFileBySizeAndHash Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploβ¦
7.2
CVE-2025-64988 - Command Injection in 1E-Nomad-GetCmContentLocations Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enablesβ¦
7.2
CVE-2025-64987 - Command Injection in 1E-Explorer-TachyonCore-CheckSimpleIoC Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remβ¦
7.2
CVE-2025-64986 - Command Injection in 1E-Explorer-TachyonCore-DevicesListeningOnAPort Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploβ¦
4.3
CVE-2025-46266 - Unauthenticated Transmission of Data in NomadBranch.exe
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information.