Parastou Razi

**Name of the Vulnerable Software and Affected Versions** AnyDesk versions 7.0.15 and 9.0.1 **Description** AnyDesk versions 7.0.15 and 9.0.1 have an unquoted service path configuration. This allows local, non-privileged users to potentially run code with SYSTEM-level privileges. An attacker can exploit this by injecting malicious executables that are then executed with high-level system permissions. **Recommendations** Update AnyDesk to a version that addresses this issue. As a temporary workaround, restrict access to the AnyDesk service path to minimize the risk of exploitation.