AnyDesk is a remote desktop software that allows users to connect to computers remotely over the internet, offering an easy way to provide technical support or work on tasks from a distance. Please note that AnyDesk can be used in Portable or Installed methods. Wiz detects installation files that potentially can be used as portable installations. If you use Install mode, you can discard the detection.

AnyDesk

AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.

CVE-2025-34499

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-27918	CRITICAL	9.8	AnyDesk	anydesk	No	Yes	Nov 06, 2025
CVE-2025-27919	HIGH	8.2	AnyDesk	cpe:2.3:a:anydesk:anydesk	No	Yes	Nov 06, 2025
CVE-2025-27917	HIGH	7.5	AnyDesk	cpe:2.3:a:anydesk:anydesk	No	Yes	Nov 06, 2025
CVE-2025-27916	HIGH	7.5	AnyDesk	cpe:2.3:a:anydesk:anydesk	No	Yes	Nov 06, 2025
CVE-2025-34499	MEDIUM	6.9	AnyDesk	cpe:2.3:a:anydesk:anydesk	No	Yes	Dec 11, 2025

CVE-2025-34499:
AnyDesk vulnerability analysis and mitigation

6.9

Related AnyDesk vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-34499: AnyDesk vulnerability analysis and mitigation