Arbitrary Code Execution Vulnerability in TeamViewer DEX Client for Windows
CVE-2025-44016

8.8HIGH

Key Information:

Vendor: Teamviewer
Status: Dex
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-44016?

A vulnerability exists in the TeamViewer DEX Client (formerly 1E client) related to the Content Distribution Service (NomadBranch.exe) on Windows. This flaw allows attackers to circumvent file integrity checks by sending a crafted request with a valid hash for a malicious file. As a result, the service may incorrectly identify the file as trustworthy, leading to the execution of arbitrary code within the context of the Nomad Branch service.

Affected Version(s)

DEX Windows 0 < 25.11.0.29

DEX Windows 0 <= 25.9.0.46

DEX Windows 0 <= 25.5.0.53

References

https://www.teamviewer.com/en/resources/trust-center/secu...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Apr 30, 2025

Credit

Threat Hunt Team of Bank of America

JSON

Teamviewer

What is CVE-2025-44016?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit