Security Advisory

CVE-2025-27919

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-06 00:00:00
Last updated 2025-11-12 17:01:50
Assigner mitre
State PUBLISHED

Description

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.