CVE-2025-27916

HIGH

Anydesk < 9.0.4 - Authentication Bypass by Spoofing

Title source: rule

Description

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.

References (2)

[Release Notes] https://anydesk.com/en/changelog/windows

[Exploit, Third Party Advisory] https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

anydesk/anydesk < 9.0.4

Published Nov 06, 2025

Tracked Since Feb 18, 2026