CVE-2025-34499

MEDIUM

AnyDesk 7.0.15, 9.0.1 - Code Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34499. PoCs published by Parastou Razi, Milad karimi.

AI-analyzed exploit summary: This is a writeup describing an unquoted service path vulnerability in AnyDesk 9.0.1, which could allow local privilege escalation (LPE) due to the service path being unquoted and running with SYSTEM privileges. The provided output from `sc qc anydesk` confirms the vulnerable configuration.

Description

AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
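
An audit check for the condition described above, added here as an example (it is not code from the referenced writeups or from AnyDesk): it parses `sc qc` output, flags services whose `BINARY_PATH_NAME` is unquoted and contains spaces, and lists the directories whose write permissions should be reviewed. The service names and paths in the sample are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed `sc qc` output. Names and paths are placeholders,
# not AnyDesk's actual service configuration.
SAMPLE = r'''
SERVICE_NAME: ExampleSvcA
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\Example Vendor\Agent\agent.exe --service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleSvcB
        BINARY_PATH_NAME   : "C:\Program Files\Example Vendor\Agent\agent.exe" --service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleSvcC
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        SERVICE_START_NAME : LocalSystem
'''

def executable_part(binary_path):
    """Return the image path without arguments (up to the first '.exe')."""
    m = re.match(r'(?i)(.*?\.exe)(?=\s|$)', binary_path)
    # No '.exe' found: treat the whole string as the path (conservative).
    return m.group(1) if m else binary_path

def dirs_to_review(binary_path):
    """Directories where a non-admin write ACL makes an unquoted path risky."""
    path = binary_path.strip()
    if path.startswith('"'):
        return []                      # quoted: the path is unambiguous
    exe = executable_part(path)
    dirs = []
    for i, ch in enumerate(exe):
        if ch == ' ':                  # each space is an ambiguous split point
            parent = exe[:i].rsplit('\\', 1)[0] + '\\'
            if parent not in dirs:
                dirs.append(parent)
    return dirs

def audit(sc_output):
    """Map each flagged service name to the directories to review."""
    findings, name = {}, None
    for line in sc_output.splitlines():
        key, _, value = line.strip().partition(':')
        key, value = key.strip(), value.strip()
        if key == 'SERVICE_NAME':
            name = value
        elif key == 'BINARY_PATH_NAME' and name and dirs_to_review(value):
            findings[name] = dirs_to_review(value)
    return findings

if __name__ == '__main__':
    for svc, dirs in audit(SAMPLE).items():
        print(svc, '-> review write ACLs on:', ', '.join(dirs))
```

A flagged service is remediated by enclosing the image path in double quotes in its service configuration; the listed directories show where standard users must not have write access in the meantime.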

Exploits (2)

exploitdb WRITEUP
by Parastou Razi · text · local · windows
https://www.exploit-db.com/exploits/52258

This is a writeup describing an unquoted service path vulnerability in AnyDesk 9.0.1, which could allow local privilege escalation (LPE) due to the service path being unquoted and running with SYSTEM privileges. The provided output from `sc qc anydesk` confirms the vulnerable configuration.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: AnyDesk 9.0.1
Auth required
Prerequisites: Local access to the system · Ability to write to the root of C:\ or another directory in the unquoted path
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP
by Milad karimi · text · local · windows
https://www.exploit-db.com/exploits/51968

This is a writeup describing an unquoted service path vulnerability in AnyDesk 7.0.15, which could allow local privilege escalation (LPE) due to the service path not being enclosed in quotes. The provided output demonstrates the service configuration and OS details but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: AnyDesk 7.0.15
Auth required
Prerequisites: Local access to the system · Ability to write to the root of C:\
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/52258
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/51968
Various Sources (product): http://anydesk.com
Various Sources (product): http://anydesk.com/download

Scores

CVSS v4 6.9
EPSS 0.0009
EPSS Percentile 26.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE: CWE-428
Status: published
Products (2):
AnyDesk/AnyDesk 7.0.15
AnyDesk/AnyDesk 9.0.1
Published: Dec 11, 2025
Tracked Since: Feb 18, 2026