Primary

Context

TeamViewer DEX Command Injection Vulnerability Allowing Remote Execution of Elevated Commands

Vulnerability

Patched

A command injection vulnerability has been identified in TeamViewer DEX (formerly 1E DEX) versions prior to 21. This vulnerability exists within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction, where improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation of this vulnerability enables remote execution of elevated commands on devices connected to the platform.

Impact

Exploitation of this vulnerability allows for command injection, enabling authenticated attackers to execute arbitrary commands with elevated privileges on affected devices.

Remediation

Users of TeamViewer DEX SaaS should note that most instructions have been automatically updated with version 25.12. On-premise customers should contact their Customer Success Manager for updates.

Added: Dec 11, 2025, 12:23 PM

Updated: Dec 11, 2025, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TeamViewer DEX Command Injection Vulnerability Allowing Remote Execution of Elevated Commands

Vulnerability

Impact

Remediation

Affected Products

TeamViewer DEX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating