CVE-2025-27919

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions AnyDesk versions through 9.0.4

Description A remotely connected user with “Control my device” permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. This allows the attacker to later connect without counterparty confirmation.

Recommendations Update AnyDesk to a version later than 9.0.4.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-275

Related Identifiers

BDU:2025-13994

CVE-2025-27919

Affected Products

Anydesk

CVE-2025-27919

Weakness Enumeration

Related Identifiers

Affected Products

References · 7