Publish Advisories

GHSA-m68q-4hqr-mc6f
GHSA-r6gx-fcg6-8hhj
GHSA-2rf3-6xwj-242m
GHSA-3hmw-h9hw-mx39
GHSA-9f92-cqmm-3frg
GHSA-f6mf-j487-747p
GHSA-fh67-v6r3-9f98
GHSA-gfgh-99f9-3f6g
GHSA-j77f-3hf7-7rvg
GHSA-m7w9-hq85-2537
GHSA-mhm2-77w6-f4f8
GHSA-pqmf-56qm-jqf9
GHSA-q9c5-4g2g-c25m
GHSA-r6v6-gcvm-4vxr
GHSA-wpgp-vmg7-5726
GHSA-wxmq-5jpw-8955
GHSA-xmxh-pm35-h64j
GHSA-xqm7-qxfg-5xwm

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-m68q-4hqr-mc6f/GHSA-m68q-4hqr-mc6f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m68q-4hqr-mc6f",
-  "modified": "2025-12-11T06:30:24Z",
+  "modified": "2025-12-11T12:30:27Z",
   "published": "2025-09-16T15:32:37Z",
   "aliases": [
     "CVE-2025-4953"
@@ -80,6 +80,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22724"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22732"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:2703"

advisories/unreviewed/2025/11/GHSA-r6gx-fcg6-8hhj/GHSA-r6gx-fcg6-8hhj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r6gx-fcg6-8hhj",
-  "modified": "2025-12-08T09:30:17Z",
+  "modified": "2025-12-11T12:30:27Z",
   "published": "2025-11-25T09:31:24Z",
   "aliases": [
     "CVE-2025-13502"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22790"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23110"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13502"

advisories/unreviewed/2025/12/GHSA-2rf3-6xwj-242m/GHSA-2rf3-6xwj-242m.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rf3-6xwj-242m",
+  "modified": "2025-12-11T12:30:28Z",
+  "published": "2025-12-11T12:30:28Z",
+  "aliases": [
+    "CVE-2025-64994"
+  ],
+  "details": "A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64994"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:26Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3hmw-h9hw-mx39/GHSA-3hmw-h9hw-mx39.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3hmw-h9hw-mx39",
+  "modified": "2025-12-11T12:30:28Z",
+  "published": "2025-12-11T12:30:28Z",
+  "aliases": [
+    "CVE-2025-64987"
+  ],
+  "details": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:25Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-9f92-cqmm-3frg/GHSA-9f92-cqmm-3frg.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9f92-cqmm-3frg",
+  "modified": "2025-12-11T12:30:27Z",
+  "published": "2025-12-11T12:30:27Z",
+  "aliases": [
+    "CVE-2025-12687"
+  ],
+  "details": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1005"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:23Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-f6mf-j487-747p/GHSA-f6mf-j487-747p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f6mf-j487-747p",
-  "modified": "2025-12-08T09:30:17Z",
+  "modified": "2025-12-11T12:30:27Z",
   "published": "2025-12-04T18:30:53Z",
   "aliases": [
     "CVE-2025-66287"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22790"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23110"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-66287"

advisories/unreviewed/2025/12/GHSA-fh67-v6r3-9f98/GHSA-fh67-v6r3-9f98.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fh67-v6r3-9f98",
+  "modified": "2025-12-11T12:30:28Z",
+  "published": "2025-12-11T12:30:28Z",
+  "aliases": [
+    "CVE-2025-64993"
+  ],
+  "details": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64993"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:26Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-gfgh-99f9-3f6g/GHSA-gfgh-99f9-3f6g.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gfgh-99f9-3f6g",
+  "modified": "2025-12-11T12:30:28Z",
+  "published": "2025-12-11T12:30:28Z",
+  "aliases": [
+    "CVE-2025-46266"
+  ],
+  "details": "A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1005"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:25Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-j77f-3hf7-7rvg/GHSA-j77f-3hf7-7rvg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j77f-3hf7-7rvg",
-  "modified": "2025-12-08T09:30:17Z",
+  "modified": "2025-12-11T12:30:27Z",
   "published": "2025-12-03T12:30:14Z",
   "aliases": [
     "CVE-2025-13947"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22790"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23110"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13947"

advisories/unreviewed/2025/12/GHSA-m7w9-hq85-2537/GHSA-m7w9-hq85-2537.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m7w9-hq85-2537",
+  "modified": "2025-12-11T12:30:28Z",
+  "published": "2025-12-11T12:30:28Z",
+  "aliases": [
+    "CVE-2025-64986"
+  ],
+  "details": "A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64986"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T12:16:25Z"
+  }
+}