{"id":"CVE-2025-64986","details":"A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.","modified":"2026-04-10T05:33:59.941694Z","published":"2025-12-11T12:16:25.400Z","references":[{"type":"ADVISORY","url":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"21.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64986.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}