PT-2025-50765 · Anydesk · Anydesk
Milad Karimi +1 · Published 2025-12-11 · Updated 2025-12-12 · CVE-2025-34499
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
AnyDesk versions 7.0.15 and 9.0.1
Description
AnyDesk versions 7.0.15 and 9.0.1 have an unquoted service path configuration. This allows local, non-privileged users to potentially run code with SYSTEM-level privileges. An attacker can exploit this by injecting malicious executables that are then executed with high-level system permissions.
Recommendations
Update AnyDesk to a version that addresses this issue. As a temporary workaround, restrict access to the AnyDesk service path to minimize the risk of exploitation.
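To check for this class of misconfiguration and scope the workaround, the added example below (not code from this advisory or from AnyDesk) audits service ImagePath strings, such as those stored under HKLM\SYSTEM\CurrentControlSet\Services. It flags unquoted executable paths that contain spaces, gives the quoted form, and lists the directories whose write permissions need review. The service names, paths and function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample data (service name -> ImagePath); not taken from the advisory.
SAMPLE_SERVICES = {
    "ExampleRemote": r"C:\Program Files (x86)\Example Remote\remote.exe --service",
    "QuotedSvc": r'"C:\Program Files\Vendor App\agent.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)


def audit_image_path(image_path):
    """Return None if the path is not affected, else the quoted form and the
    directories whose write permissions need review."""
    path = image_path.strip()
    if path.startswith('"'):
        return None                      # already quoted
    match = EXE_END.search(path)
    if match is None:
        return None                      # driver or other non-.exe entry
    exe, args = path[:match.end()], path[match.end():]
    if " " not in exe:
        return None                      # spaces only in the arguments
    # Windows may stop parsing at each space in the executable path, so the
    # directory holding each truncated prefix must not be writable by
    # non-administrators.
    review_dirs = []
    for index, char in enumerate(exe):
        if char == " ":
            parent = ntpath.dirname(exe[:index])
            if parent not in review_dirs:
                review_dirs.append(parent)
    return {"quoted": f'"{exe}"{args}', "review_dirs": review_dirs}


def find_unquoted(services):
    """Map each affected service name to its finding."""
    findings = {}
    for name, image_path in services.items():
        result = audit_image_path(image_path)
        if result is not None:
            findings[name] = result
    return findings


if __name__ == "__main__":
    for name, finding in find_unquoted(SAMPLE_SERVICES).items():
        print(name, finding["quoted"], finding["review_dirs"], sep="\n  ")
```

On a real host, feed it the ImagePath values exported from the registry and compare the listed directories against their ACLs.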
Exploit
Fix
LPE
Weakness Enumeration
Related Identifiers
Affected Products
Anydesk