Attackers can attack PCs managed with TeamViewer DEX
Security patches close several vulnerabilities in the remote maintenance platform TeamViewer DEX.
(Image: Alfa Photo/Shutterstock.com)
Using TeamViewer DEX (Digital Employee Experience), administrators manage company computers. Now, attackers can exploit several vulnerabilities to attack devices.
The security issues are said to affect on-premise installations as well as SaaS.
Multiple Security Vulnerabilities
In a warning message, the developers list, among others, four security vulnerabilities classified as “high” in threat level (CVE-2025-64986, CVE-2025-64987, CVE-2025-64988, CVE-2025-64989). If attacks are successful, attackers can remotely execute their commands on devices managed with the platform. However, this only works if attackers are already authenticated.
If attackers successfully exploit the remaining vulnerabilities, they can, among other things, access actually protected information (CVE-2025-46266 “medium”) or even execute malicious code with system privileges (CVE-2025-64994 “medium”). However, this requires local access, including special write permissions.
Videos by heise
The developers assure that the security issues in TeamViewer DEX 25.12 have been resolved. So far, there are no reports of ongoing attacks.
(des)
