TeamViewer DEX is a remote desktop management tool used by organizations to manage and control remote devices. The vulnerability discovered in TeamViewer DEX allows authenticated attackers with Actioner privileges to inject arbitrary commands, potentially leading to remote execution of elevated commands on connected devices.
You're affected if you use A command. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Upgrade to TeamViewer DEX version V25 or later from the official TeamViewer website: https://www.teamviewer.com/en/downloads
- Immediate mitigations:
- Restrict network access to your TVDEX instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation