CVE-2025-27919

Sažetak

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

Reference

https://anydesk.com/en/changelog/windows
https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

06-11-2025 - 19:45

Objavljeno

06-11-2025 - 18:15