CVE-2025-64990 MEDIUM

CVE-2025-64990: Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction

Vendor Teamviewer

Product DEX

Weakness CWE-20 · Input validation

Published December 11, 2025

Last update December 11, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

Key dates

02Disclosure timeline

December 11, 2025 CVE published

December 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-64990 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2025-64990: Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction

01Description

02Disclosure timeline

03References

04Related CVE