Main Vulnerability Database Vulnerabilities #VU119846

#VU119846 Input validation error in Digital Employee Experience (DEX) Client for Windows - CVE-2025-46266

Published: December 11, 2025

Vulnerability identifier: #VU119846

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-46266

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Digital Employee Experience (DEX) Client for Windows

Software vendor:
TeamViewer

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the Content Distribution Service (NomadBranch.exe). A remote attacker on the local network can force the service into transmitting data to an arbitrary internal IP address, leading to information disclosure.

Remediation

Install updates from vendor's website.

External links

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1005/

#VU119846 Input validation error in Digital Employee Experience (DEX) Client for Windows - CVE-2025-46266

Description

Remediation

External links

Please verify you're human