CVE-2025-27919 · HIGH 8.2 · EPSS p16.9%

Description

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.26% probability of exploitation · percentile 16.9% · 2026-06-18T12:00:27Z
Published: 2025-11-06
Last modified: 2025-11-12

Underlying weaknesses · 1

CWE-284

References

  1. https://anydesk.com/en/changelog/windows
  2. https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf

Type | Target | Confidence | Tier
Weakness | Improper Access Control cwe-284 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-27918
  2. CVE: ConnectWise ScreenConnect Authentication Bypass Vulnerability
  3. CVE: CVE-2025-21309
  4. CVE: CVE-2026-24789
  5. CVE: CVE-2025-8310
  6. CVE: CVE-2026-27928

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.