Primary

Context

TeamViewer DEX Client NomadBranch Service Improper Input Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in the TeamViewer DEX Client Content Distribution Service (NomadBranch.exe) for Windows, prior to version 25.11. This vulnerability allows malicious actors to bypass file integrity validation by sending a crafted request with a valid hash for a malicious file. As a result, the service incorrectly identifies and processes the file as trusted, enabling arbitrary code execution under the Nomad Branch service context. Exploitation requires local network-level access.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system, executed within the context of the Nomad Branch service.

Remediation

Users can update to TeamViewer DEX Client version 25.11.0.29 or later. For those using version 25.9.0.46, 25.5.0.53, or 24.5.0.69, hotfixes are available. Instructions for downloading these versions can be found on the 1E Support Portal.

Added: Dec 11, 2025, 12:24 PM

Updated: Dec 11, 2025, 12:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TeamViewer DEX Client NomadBranch Service Improper Input Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating