QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34499

Published: Dec 11, 2025

Modified: Mar 5, 2026

PUBLISHED

Description

AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.

Vendor	Product	Versions
AnyDesk	AnyDesk	affected `7.0.15` affected `9.0.1`

Weaknesses (CWE)

References

ExploitDB-52258

exploit

ExploitDB-51968

exploit

AnyDesk Homepage

product

AnyDesk Software Link

product

VulnCheck Advisory: AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.