AnyDesk Remote Settings Manipulation Vulnerability Allowing Unauthorized Password Creation for Full Access Profile

Vulnerability

A vulnerability exists in AnyDesk versions through 9.0.4, allowing a remotely connected user with 'Control my device' permission to alter remote AnyDesk settings. The user can create a password for the Full Access profile without requiring confirmation from the other party. This enables the user to connect later without needing counterparty approval.

Impact

Exploitation of this vulnerability allows for unauthorized access to a user's device via the Full Access profile, bypassing the usual confirmation process.

Added: Nov 6, 2025, 6:31 PM
Updated: Nov 6, 2025, 7:52 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.