CVE-2025-34499
AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
| CWE | CWE-428 |
| Vendor | anydesk |
| Product | anydesk |
| Published | Dec 11, 2025 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for anydesk anydesk
Be the first to know when new unknown vulnerabilities affecting anydesk anydesk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
AnyDesk / AnyDesk
7.0.15 9.0.1
References
exploit-db.com: https://www.exploit-db.com/exploits/52258 exploit-db.com: https://www.exploit-db.com/exploits/51968 anydesk.com: http://anydesk.com anydesk.com: http://anydesk.com/download vulncheck.com: https://www.vulncheck.com/advisories/anydesk-unquoted-service-path-privilege-escalation-vulnerability
Credits
Parastou Razi Milad Karimi (Ex3ptionaL)