CVE-2025-34499

Summary

AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.

Affected Software

VendorProductVersion RangeStatus
AnyDeskAnyDesk7.0.15affected
AnyDeskAnyDesk9.0.1affected

Weaknesses

  • CWE-428: CWE-428: Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References