CVE-2025-64993 - Vulnerability Details - OpenCVE

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Teamviewer	Dex

No data.

No data.

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/

History

Thu, 11 Dec 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Teamviewer Teamviewer dex
Vendors & Products		Teamviewer Teamviewer dex

Thu, 11 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 11 Dec 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description		A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.
Title		Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
Weaknesses		CWE-20
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2025-12-11T11:29:09.540Z

Updated: 2025-12-11T14:44:21.214Z

Reserved: 2025-11-12T08:16:25.592Z

Link: CVE-2025-64993

Vulnrichment

Updated: 2025-12-11T14:44:19.032Z

NVD

Status : Received

Published: 2025-12-11T12:16:26.320

Modified: 2025-12-11T12:16:26.320

Link: CVE-2025-64993

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64993", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2025-11-12T08:16:25.592Z", "datePublished": "2025-12-11T11:29:09.540Z", "dateUpdated": "2025-12-11T14:44:21.214Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-StopConfigMgrClientService"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerApplicationDeploymentEvaluationCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerClientHealthCheck"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "30", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerDiscoveryDataCollectionCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerFileCollectionCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerHardwareInventoryCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerMachinePolicyRetrievalAndEvaluationCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareInventoryCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareMeteringUsageReportCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesDeploymentEvaluationCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesScanCycle"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "29", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.<p></p>"}], "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2025-12-11T11:29:09.540Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically."}], "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically."}], "source": {"discovery": "EXTERNAL"}, "title": "Command Injection in 1E-ConfigMgrConsoleExtensions Instructions", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-11T14:44:15.369092Z", "id": "CVE-2025-64993", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T14:44:21.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64993", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-11T14:44:15.369092Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T14:44:19.032Z"}}], "cna": {"title": "Command Injection in 1E-ConfigMgrConsoleExtensions Instructions", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-StopConfigMgrClientService"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerApplicationDeploymentEvaluationCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerClientHealthCheck"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "30", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerDiscoveryDataCollectionCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerFileCollectionCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerHardwareInventoryCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerMachinePolicyRetrievalAndEvaluationCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareInventoryCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareMeteringUsageReportCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesDeploymentEvaluationCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TeamViewer", "modules": ["1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesScanCycle"], "product": "DEX", "versions": [{"status": "affected", "version": "0", "lessThan": "29", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically.", "supportingMedia": [{"type": "text/html", "value": "On-prem users should update to the latest available versions. SaaS instances have been updated automatically.", "base64": false}]}], "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2025-12-11T11:29:09.540Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64993", "state": "PUBLISHED", "dateUpdated": "2025-12-11T14:44:21.214Z", "dateReserved": "2025-11-12T08:16:25.592Z", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "datePublished": "2025-12-11T11:29:09.540Z", "assignerShortName": "TV"}, "dataVersion": "5.2"}