CVE-2025-27916
HIGH
AnyDesk < 9.0.4 - Authentication Bypass by Spoofing via IP Address Manipulation
Title source: llm
Description
An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.
References (2)
Core References
Release Notes: https://anydesk.com/en/changelog/windows
Exploit, Third Party Advisory: https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf
Scores
CVSS v3: 7.5
EPSS: 0.0026
EPSS Percentile: 16.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-290
Status: published
Products (1)
anydesk/anydesk: < 9.0.4
Published: Nov 06, 2025
Tracked Since: Feb 18, 2026