CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

History

09 Jan 2026, 02:02

Type	Values Removed	Values Added
First Time		Teamviewer Teamviewer digital Employee Experience
CPE		cpe:2.3:a:teamviewer:digital_employee_experience::::::::
References	~~() https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/ -~~	() https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/ - Vendor Advisory

11 Dec 2025, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-11 12:16

Updated : 2026-01-09 02:02

NVD link : CVE-2025-64995

Mitre link : CVE-2025-64995

CVE.ORG link : CVE-2025-64995

JSON object : View

Products Affected

teamviewer

digital_employee_experience

CWE

CWE-427

Uncontrolled Search Path Element

6.5 /10