CVE-2025-27916

Published: Nov 6, 2025Modified: Dec 8, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.

Affected (1)

Products: Anydesk: Anydesk

Anydesk

1 product

Anydesk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anydesk Anydesk	Up to 9.0.4

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://anydesk.com/en/changelog/windows

Source: cve@mitre.org

Release Notes

https://dspace.cvut.cz/bitstream/handle/10467/122721/F8-DP-2025-Krejsa-Vojtech-DP_Krejsa_Vojtech_2025.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.