Anydesk · Anydesk · CVE-2025-34499
**Name of the Vulnerable Software and Affected Versions**
AnyDesk versions 7.0.15 and 9.0.1
**Description**
AnyDesk versions 7.0.15 and 9.0.1 have an unquoted service path configuration. This allows local, non-privileged users to potentially run code with SYSTEM-level privileges. An attacker can exploit this by injecting malicious executables that are then executed with high-level system permissions.
**Recommendations**
Update AnyDesk to a version that addresses this issue. As a temporary workaround, restrict access to the AnyDesk service path to minimize the risk of exploitation.