Anydesk
1-19 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14397 | | Critical | 0.64 | 9.8 | 0.02 | | Sep 12, 2017 | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. |
| CVE-2018-13102 | | High | 0.51 | 7.8 | 0.01 | | Jul 3, 2018 | AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. |
| CVE-2024-52940 | | High | 0.50 | 7.5 | 0.01 | | Nov 18, 2024 | AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. |
| CVE-2025-34499 | | Medium | 0.45 | — | 0.00 | | Dec 11, 2025 | AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be… |
| CVE-2020-13160 | | | 0.10 | — | 0.81 | | Jun 9, 2020 | AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. |
| CVE-2016-20094 | | | 0.00 | — | 0.00 | | Jun 19, 2026 | AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges… |
| CVE-2019-25261 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations,… |
| CVE-2025-27917 | | | 0.00 | — | 0.00 | | Nov 6, 2025 | An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results… |
| CVE-2025-27918 | | | 0.00 | — | 0.00 | | Nov 6, 2025 | An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet… |
| CVE-2025-27916 | | | 0.00 | — | 0.00 | | Nov 6, 2025 | An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID. |
| CVE-2025-27919 | | | 0.00 | — | 0.00 | | Nov 6, 2025 | An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the… |
| CVE-2024-12754 | | | 0.00 | — | 0.01 | | Dec 30, 2024 | AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order… |
| CVE-2023-26509 | | | 0.00 | — | 0.01 | | Jul 3, 2023 | AnyDesk 7.0.8 allows remote Denial of Service. |
| CVE-2021-44425 | | | 0.00 | — | 0.01 | | Sep 12, 2022 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local… |
| CVE-2021-44426 | | | 0.00 | — | 0.01 | | Sep 12, 2022 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected… |
| CVE-2022-32450 | | | 0.00 | — | 0.01 | | Jul 18, 2022 | AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. |
| CVE-2021-40854 | | | 0.00 | — | 0.00 | | Oct 14, 2021 | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. |
| CVE-2020-35483 | | | 0.00 | — | 0.00 | | Jan 11, 2021 | AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. |
| CVE-2020-27614 | | | 0.00 | — | 0.00 | | Dec 9, 2020 | AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. |