TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data

TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data

Posted on By CWS

A number of essential vulnerabilities in TeamViewer DEX Shopper’s Content material Distribution Service (NomadBranch.exe), previously a part of 1E Shopper.

Affecting Home windows variations earlier than 25.11 and choose older branches, the failings stem from improper enter validation (CWE-20), probably enabling attackers on the native community to execute code, crash the service, or leak delicate knowledge.

Essentially the most extreme challenge, CVE-2025-44016 (CVSS 3.1 base rating: 8.8 Excessive), permits bypassing file integrity checks. By crafting a request with a sound hash for malicious code, attackers can trick the service into treating it as trusted, enabling arbitrary code execution inside the NomadBranch context.

Complementing this are two medium-severity flaws. CVE-2025-12687 (CVSS 6.5 Medium) triggers a denial-of-service (DoS) crash through a specifically crafted command, halting the service completely. In the meantime, CVE-2025-12687 (CVSS 4.3 Medium) coerces the service into sending knowledge to an arbitrary inner IP handle, risking the publicity of delicate data.

All vulnerabilities require adjoining community entry (AV:A), making them viable threats in peer-to-peer or shared LAN environments. Notably, no proof suggests wild exploitation up to now. Installations with NomadBranch disabled in its default state are unaffected, as is the TeamViewer Distant/Tensor “DEX Necessities” add-on.

TeamViewer has patched these in model 25.11.0.29 and hotfixes for legacy branches:

Launch VersionDownload Link25.11.0.291E Shopper 25.1125.9.0.46 (HF-PLTPKG-524)HF-PLTPKG-52425.5.0.53 LTSB (HF-PLTPKG-526)HF-PLTPKG-52624.5.0.69 LTSB (HF-PLTPKG-525)Help Portal

CVE-2025-46266 is mounted solely in 25.11 and later. Organizations ought to prioritize updates, confirm NomadBranch standing, and phase networks to mitigate adjoining assaults.

As distant entry instruments come underneath growing scrutiny, this disclosure underscores the necessity for sturdy enter validation in content material distribution providers.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Quid Miner Launches Mobile App to Unlock in Daily Cloud Mining Income for BTC, DOGE, and XRP for Investors Quid Miner Launches Mobile App to Unlock in Daily Cloud Mining Income for BTC, DOGE, and XRP for Investors Cyber Security News
OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data Cyber Security News
Google Cloud and Cloudflare Suffers Massive Widespread Outages Google Cloud and Cloudflare Suffers Massive Widespread Outages Cyber Security News
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation Cyber Security News
Cybersecurity Newsletter Weekly Recap – UK Hacker Bust to BMW Data Leak Cybersecurity Newsletter Weekly Recap – UK Hacker Bust to BMW Data Leak Cyber Security News
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Cyber Security News