AnyDesk Unquoted Service Path Vulnerability Allowing Local Privilege Escalation

Vulnerability

AnyDesk version 5.4.0 is vulnerable because its Windows service is configured with an unquoted service path. When an unquoted path contains spaces, Windows tries each space-delimited prefix of it as a candidate executable before it reaches the intended binary. A local attacker who can place a malicious executable at one of those locations can have it run in place of the service executable, potentially leading to elevated system privileges.

Impact

Exploitation of this vulnerability could allow local attackers to gain elevated system privileges by injecting malicious executables into service executable locations.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the AnyDesk application: a malicious executable is placed in a location from which the AnyDesk service will execute it, taking advantage of the fact that the service path is not properly quoted.
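
To check hosts for this class of misconfiguration, the following added example (not part of the original advisory and not AnyDesk code) audits service ImagePath strings, flags unquoted executable paths that contain spaces, and proposes the quoted value. The service names and paths are constructed samples, not AnyDesk's actual installation path.

```python
import re

# Constructed sample ImagePath values (not taken from a real host or from AnyDesk).
SAMPLE_SERVICES = {
    "ExampleRemoteSvc": r"C:\Program Files (x86)\Example Vendor\Remote Tool\agent.exe --service",
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Heuristic: the executable path ends at the first ".exe" followed by whitespace or end of string.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_unquoted(image_path):
    """Return (exe_path, args) for an unquoted ImagePath, or None if it is quoted or has no .exe."""
    value = image_path.strip()
    if value.startswith('"'):
        return None
    match = EXE_END.search(value)
    if not match:
        return None
    return value[:match.end()], value[match.end():].strip()


def ambiguous_prefixes(exe_path):
    """Paths Windows tries before the intended binary; an auditor confirms none of them exist."""
    return [exe_path[:i] + ".exe" for i, ch in enumerate(exe_path) if ch == " "]


def audit(services):
    """Flag services whose unquoted executable path contains a space and propose the quoted value."""
    findings = []
    for name, image_path in services.items():
        parts = split_unquoted(image_path)
        if parts is None or " " not in parts[0]:
            continue
        exe_path, args = parts
        findings.append({
            "service": name,
            "current": image_path,
            "fixed": f'"{exe_path}" {args}'.strip(),
            "must_not_exist": ambiguous_prefixes(exe_path),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES):
        print(finding)
```

On a real host the input would come from the ImagePath value of each service under HKLM\SYSTEM\CurrentControlSet\Services, and the "fixed" string is the value to write back once the finding is confirmed.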

Added: Feb 3, 2026, 3:53 PM
Updated: Feb 3, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 4.2
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.