Privilege Escalation in TeamViewer DEX 1ENomadSetWorkRate before V17.1
CVE-2025-64994 Published on December 11, 2025
Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.
Vulnerability Analysis
CVE-2025-64994 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2025-64994 has been classified to as a DLL preloading vulnerability or weakness.
Affected Versions
TeamViewer DEX:- Before 17.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.