anydesk 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-25261 | AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges. | [email protected] | 8.5 | 0.01% | 2026-02-03 | 2026-02-25 |
| CVE-2025-27919 | An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation. | [email protected] | 8.2 | 0.06% | 2025-11-06 | 2025-11-12 |
| CVE-2025-27918 | An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients. | [email protected] | 9.8 | 0.05% | 2025-11-06 | 2025-12-08 |
| CVE-2025-27917 | An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference. | [email protected] | 7.5 | 0.51% | 2025-11-06 | 2025-12-08 |
| CVE-2025-27916 | An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID. | [email protected] | 7.5 | 0.05% | 2025-11-06 | 2025-12-08 |
| CVE-2024-12754 | AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerabil | [email protected] | 5.5 | 4.49% | 2024-12-30 | 2025-08-14 |
| CVE-2023-26509 | AnyDesk 7.0.8 allows remote Denial of Service. | [email protected] | 7.5 | 0.27% | 2023-07-03 | 2024-11-21 |
| CVE-2021-44426 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. | [email protected] | 8.8 | 0.45% | 2022-09-12 | 2024-11-21 |
| CVE-2021-44425 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). | [email protected] | 6.5 | 0.11% | 2022-09-12 | 2024-11-21 |
| CVE-2022-32450 | AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. | [email protected] | 7.1 | 0.09% | 2022-07-18 | 2024-11-21 |
| CVE-2021-40854 | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. | [email protected] | 7.8 | 0.04% | 2021-10-14 | 2024-11-21 |
| CVE-2020-35483 | AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | [email protected] | 7.8 | 0.06% | 2021-01-11 | 2024-11-21 |
| CVE-2020-27614 | AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. | [email protected] | 7.8 | 0.04% | 2020-12-09 | 2024-11-21 |
| CVE-2020-13160 | AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | [email protected] | 9.8 | 88.83% | 2020-06-09 | 2024-11-21 |
| CVE-2018-13102 | AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | [email protected] | 7.8 | 0.26% | 2018-07-03 | 2024-11-21 |
| CVE-2017-14397 | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. | [email protected] | 9.8 | 0.49% | 2017-09-12 | 2026-05-13 |