Multiple critical vulnerabilities have been disclosed in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe), formerly part of 1E Client.
Affecting Windows versions before 25.11 and select older branches, the flaws stem from improper input validation (CWE-20), potentially enabling attackers on the local network to execute code, crash the service, or leak sensitive data.
The most severe issue, CVE-2025-44016 (CVSS 3.1 base score: 8.8 High), allows bypassing file integrity checks. By crafting a request with a valid hash for malicious code, attackers can trick the service into treating it as trusted, enabling arbitrary code execution within the NomadBranch context.
Complementing this are two medium-severity flaws. CVE-2025-12687 (CVSS 6.5 Medium) triggers a denial-of-service (DoS) crash via a specially crafted command, halting the service entirely. Meanwhile, CVE-2025-12687 (CVSS 4.3 Medium) coerces the service into sending data to an arbitrary internal IP address, risking the exposure of sensitive information.
All vulnerabilities require adjacent network access (AV:A), making them viable threats in peer-to-peer or shared LAN environments. Notably, there is no evidence of exploitation in the wild so far. Installations where NomadBranch is disabled, its default state, are unaffected, as is the TeamViewer Remote/Tensor "DEX Essentials" add-on.
TeamViewer has patched these in version 25.11.0.29 and in hotfixes for legacy branches:
| Release Version | Download Link |
| --- | --- |
| 25.11.0.29 | 1E Client 25.11 |
| 25.9.0.46 (HF-PLTPKG-524) | HF-PLTPKG-524 |
| 25.5.0.53 LTSB (HF-PLTPKG-526) | HF-PLTPKG-526 |
| 24.5.0.69 LTSB (HF-PLTPKG-525) | Support Portal |
CVE-2025-46266 is fixed only in 25.11 and later. Organizations should prioritize updates, verify NomadBranch status, and segment networks to mitigate adjacent-network attacks.
As remote access tools come under increasing scrutiny, this disclosure underscores the need for robust input validation in content distribution services.
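The fixed-build table and the CVE-2025-46266 caveat above can be turned into an inventory triage check. This is an added example, not TeamViewer tooling: the host names, inventory layout and status labels are constructed, and it assumes four-part dotted version strings that compare numerically.

```python
# Fixed build per release branch (major, minor), taken from the table above.
FIXED_BUILDS = {
    (25, 11): (25, 11, 0, 29),
    (25, 9): (25, 9, 0, 46),    # HF-PLTPKG-524
    (25, 5): (25, 5, 0, 53),    # LTSB, HF-PLTPKG-526
    (24, 5): (24, 5, 0, 69),    # LTSB, HF-PLTPKG-525
}
FULL_FIX = FIXED_BUILDS[(25, 11)]   # first build carrying every fix
RESIDUAL_CVE = "CVE-2025-46266"     # fixed only in 25.11 and later

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(version, nomad_enabled):
    """Return (status, note) for one installation; status labels are assumptions."""
    v = parse_version(version)
    if not nomad_enabled:
        return ("not-affected", "NomadBranch disabled")
    if v >= FULL_FIX:
        return ("patched", "all fixes present")
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is not None and v >= fixed:
        return ("hotfixed", f"{RESIDUAL_CVE} still open; move to 25.11+")
    return ("vulnerable", "update or apply the branch hotfix")

def triage_inventory(rows):
    """rows: iterable of (host, version, nomad_enabled); worst findings first."""
    order = {"vulnerable": 0, "hotfixed": 1, "patched": 2, "not-affected": 3}
    results = [(host, *triage(ver, enabled)) for host, ver, enabled in rows]
    return sorted(results, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (host names and installed builds are illustrative).
SAMPLE = [
    ("ws-014", "25.11.0.29", True),
    ("ws-022", "25.9.0.46", True),
    ("ws-031", "25.9.0.12", True),
    ("ws-040", "24.5.0.69", True),
    ("ws-055", "25.5.0.10", False),
    ("ws-063", "23.7.1.5", True),
]

if __name__ == "__main__":
    for host, status, note in triage_inventory(SAMPLE):
        print(f"{host:8} {status:13} {note}")
```

Hosts reported as `hotfixed` have the branch hotfix but still need the move to 25.11 or later to close CVE-2025-46266.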
