Vulnerability Description
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
Related Weaknesses (CWE)
References
- http://anydesk.com
- http://anydesk.com/download
- https://www.exploit-db.com/exploits/51968
- https://www.exploit-db.com/exploits/52258
- https://www.vulncheck.com/advisories/anydesk-unquoted-service-path-privilege-esc
FAQ
What is CVE-2025-34499?
CVE-2025-34499 is a documented vulnerability. AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the u...
How severe is CVE-2025-34499?
CVSS scoring is not yet available for CVE-2025-34499. Check NVD for updates.
Is there a patch for CVE-2025-34499?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.