PT-2025-50595 · 1E+1 · 1E Dex+1
Published
2025-12-11
·
Updated
2025-12-11
·
CVE-2025-64988
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TeamViewer DEX (former 1E DEX) versions prior to V19.2
Description
A command injection issue exists in TeamViewer DEX (formerly 1E DEX) due to improper input validation. The vulnerability is located within the
1E-Nomad-GetCmContentLocations instruction. Authenticated attackers with Actioner privileges can inject arbitrary commands, leading to remote execution of elevated commands on connected devices.Recommendations
Update to version V19.2 or later.
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
1E Dex
Teamviewer Dex