exploitDog

CVE-2025-44016

Опубликовано: 11 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

Ссылки

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1005/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*

Версия до 25.11 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00095

Низкий

8.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-xqm7-qxfg-5xwm

CVSS3: 8.8

github

около 2 месяцев назад

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

EPSS

Процентиль: 27%

0.00095

Низкий

8.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo