Description

AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-11 | Updated 2025-12-16 | Assigner VulnCheck

MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-428: Unquoted Search Path or Element

Product status

Default status: unaffected

7.0.15: affected

9.0.1: affected

Credits

Parastou Razi (finder)

Milad Karimi (Ex3ptionaL) (finder)

References

www.exploit-db.com/exploits/52258 (ExploitDB-52258) exploit

www.exploit-db.com/exploits/51968 (ExploitDB-51968) exploit

anydesk.com (AnyDesk Homepage) product

anydesk.com/download (AnyDesk Software Link) product

www.vulncheck.com/...path-privilege-escalation-vulnerability (VulnCheck Advisory: AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability) third-party-advisory

cve.org (CVE-2025-34499)

nvd.nist.gov (CVE-2025-34499)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.