TV-2025-1005

Improper input validation in TeamViewer DEX Client (formerly 1E Client) – Content Distribution Service (NomadBranch.exe)

Bulletin ID: TV-2025-1005
Issue Date: Dec 11, 2025
Last Update: Dec 11, 2025
Priority: Important
CVSS: Up to 8.8 (High)
Assigned CVE: CVE-2025-12687, CVE-2025-44016, CVE-2025-46266
Affected Products: TeamViewer DEX (formerly 1E DEX)

1. Summary

Three vulnerabilities were identified and addressed in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) for Windows, affecting versions prior to 25.11 (and additional versions listed below), stemming from improper input validation.

The vulnerabilities have been fixed with version 25.11 and additional versions listed below. We recommend updating to the latest available version.

At this time, there is no indication that these vulnerabilities have been exploited in the wild.

Installations where the Content Distribution Service (NomadBranch.exe) is disabled are not affected. By default, the Content Distribution Service (NomadBranch.exe) is disabled.

The TeamViewer Remote/Tensor add-on “DEX Essentials” is not affected.

2. Vulnerability Details

2.1 CVE-2025-44016

CVE-ID

Description

A vulnerability in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

To exploit this vulnerability, an attacker needs local network-level access.

The vulnerability has been fixed with version 25.11 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

Problem type

Affected Products

1E Client - NomadBranch.exe

Fixed Versions

  • 1E Client 25.11.0.29
  • 1E Client 25.9.0.46 - HF-PLTPKG-524 (Hotfix)
  • 1E Client 25.5.0.53 - HF-PLTPKG-526 (Hotfix)
  • 1E Client 24.5.0.69 - HF-PLTPKG-525 (Hotfix)

2.2 CVE-2025-12687

CVE-ID

Description

A vulnerability in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination.

To exploit this vulnerability, an attacker needs local network-level access.

The vulnerability has been fixed with version 25.11 and additional versions listed below. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 6.5 (Medium)

CVSS3.1 Vector String

Problem type

Affected Products

1E Client - NomadBranch.exe

Fixed Versions

  • 1E Client 25.11.0.29
  • 1E Client 25.9.0.46 - HF-PLTPKG-524 (Hotfix)
  • 1E Client 25.5.0.53 - HF-PLTPKG-526 (Hotfix)
  • 1E Client 24.5.0.69 - HF-PLTPKG-525 (Hotfix)

2.3 CVE-2025-46266

CVE-ID

Description

A vulnerability in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information.

To exploit this vulnerability, an attacker needs local network-level access.

The vulnerability has been fixed with version 25.11. We recommend updating to the latest available version.

CVSS3.1 Score

Base Score 4.3 (Medium)

CVSS3.1 Vector String

Problem type

Affected Products

1E Client - NomadBranch.exe

Fixed Versions

  • 1E Client 25.11.0.29

3. Solutions and mitigations

Release Version
Download URL

25.11.0.29

25.9.0.46

25.5.0.53 LTSB

24.5.0.69 LTSB

Please note: CVE-2025-46266 is only fixed in release v25.11 and later.
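
The fixed-version rules above, applied to an endpoint inventory, as an added example that is not part of this bulletin or of TeamViewer's tooling. The inventory rows, host names and function names are constructed, and the code assumes the inventory reports installed hotfix IDs separately from the client version, so a hotfix build without its recorded ID is treated as unpatched.

```python
FIXED_RELEASE = (25, 11, 0, 29)           # fixes all three CVEs
HOTFIXES = {                              # build -> hotfix ID, as listed in the bulletin
    (25, 9, 0, 46): "HF-PLTPKG-524",
    (25, 5, 0, 53): "HF-PLTPKG-526",
    (24, 5, 0, 69): "HF-PLTPKG-525",
}
ALL_CVES = {"CVE-2025-44016", "CVE-2025-12687", "CVE-2025-46266"}
HOTFIX_COVERS = {"CVE-2025-44016", "CVE-2025-12687"}  # CVE-2025-46266 needs 25.11


def parse_version(text):
    """Turn '25.9.0.46' into (25, 9, 0, 46); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def open_cves(version, nomad_enabled, hotfixes=()):
    """Return the sorted CVE IDs from this bulletin still open on one endpoint."""
    if not nomad_enabled:                 # bulletin: disabled service is not affected
        return []
    v = parse_version(version)
    if v >= FIXED_RELEASE:
        return []
    remaining = set(ALL_CVES)
    required = HOTFIXES.get(v)            # hotfix must match this exact build
    if required and required in hotfixes:
        remaining -= HOTFIX_COVERS
    return sorted(remaining)


def triage(rows):
    """Map each host to its open CVEs."""
    return {host: open_cves(ver, enabled, hf) for host, ver, enabled, hf in rows}


# Constructed inventory rows: (host, 1E Client version, NomadBranch enabled, hotfix IDs)
INVENTORY = [
    ("ws-001", "25.11.0.29", True, []),
    ("ws-002", "25.9.0.46", True, ["HF-PLTPKG-524"]),
    ("ws-003", "25.9.0.46", True, []),
    ("ws-004", "24.5.0.69", False, []),
    ("ws-005", "25.5.0.53", True, ["HF-PLTPKG-524"]),  # wrong hotfix for this build
]

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "no open CVEs from this bulletin")
```

Hosts that report only CVE-2025-46266 are on a hotfixed branch and still need the move to 25.11 to close it.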

4. Acknowledgments

Threat Hunt Team of Bank of America