CVE-2025-27918 · CRITICAL 9.8 · EPSS p34.5%


Description

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.5% · 2026-06-18T12:00:27Z
Published: 2025-11-06
Last modified: 2025-12-08

Underlying weaknesses · 1

CWE-190

References

  1. https://anydesk.com/en/changelog/windows
  2. https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf


Type: Weakness
Target: Integer Overflow or Wraparound (cwe-190)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-27919
CVE-2025-29967
CVE-2026-42909
CVE-2025-29966
CVE-2026-42985
CVE-2026-47289

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.