CVE-2025-27919

High CVSS: 8.2

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

Vendor

Anydesk

Product

Anydesk

CWE

NVD-CWE-Other

Yayın Tarihi

2025-11-06 18:15:40

Güncelleme

2025-11-12 17:15:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

NVD-CWE-Other Anydesk HIGH Anydesk 2025

Referanslar

https://anydesk.com/en/changelog/windows https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf

Benzer Kayıtlar

High

CVE-2019-25261

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local att…

High

CVE-2025-27916

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection be…

High

CVE-2025-27917

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.…

Critical

CVE-2025-27918

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.…