CVE-2025-34499
Description
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-34499? +
How do I check if I'm vulnerable to CVE-2025-34499? +
Related Vulnerabilities
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted …
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker …
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges …
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges …
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. …
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write …