CVE-2025-27918
Published: 06 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27918 is an integer overflow vulnerability (CWE-190) that leads to a heap-based buffer overflow in multiple AnyDesk client versions. It affects AnyDesk for Windows prior to 9.0.5, macOS prior to 9.0.1, Linux prior to 7.0.0, iOS prior to 7.1.2, and Android prior to 8.0.0. The flaw occurs when processing a malicious UDP packet containing an Identity user image in the Discovery feature or during connection establishment between clients, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any unauthenticated attacker on the network can exploit this remotely with low complexity and no user interaction by sending a crafted UDP packet to a vulnerable AnyDesk client. Successful exploitation enables arbitrary code execution with high confidentiality, integrity, and availability impacts, potentially allowing full remote control of the affected system.
Mitigation requires updating to the fixed versions: AnyDesk for Windows 9.0.5 or later, macOS 9.0.1 or later, Linux 7.0.0 or later, iOS 7.1.2 or later, and Android 8.0.0 or later. Details on patches are available in the AnyDesk Windows changelog at https://anydesk.com/en/changelog/windows, with additional technical analysis in the report at https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote code execution via crafted UDP packet to AnyDesk client discovery feature or connection establishment directly enables exploitation of a public-facing application.