TeamViewer DEX Command Injection Vulnerability Allowing Remote Execution of Elevated Commands
Vulnerability
A command injection vulnerability has been identified in TeamViewer DEX (formerly 1E DEX) versions prior to 19.2. This vulnerability resides within the 1E-Nomad-GetCmContentLocations instruction and results from improper input validation. Authenticated attackers with Actioner privileges can exploit this flaw to inject arbitrary commands, which are then executed remotely with elevated rights on devices connected to the platform.
Impact
Exploitation of this vulnerability allows for remote execution of injected commands with elevated privileges on the affected device.
Remediation
Users of TeamViewer DEX should update to version 19.2 or later. For on-premises installations, contact the responsible Customer Success Manager for assistance.
