VYPR
Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 12, 2025

CVE-2025-27919

CVE-2025-27919

Description

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

Affected products

2
  • Anydesk/Anydeskcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=9.0.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.