CVE-2025-44016

Summary

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

Affected Software

VendorProductVersion RangeStatus
TeamViewerDEX0 < 25.11.0.29affected
TeamViewerDEX0 <= 25.9.0.46affected
TeamViewerDEX0 <= 25.5.0.53affected
TeamViewerDEX0 <= 24.5.0.69affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References