CVE-2025-27918: n/a
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients.
AI Analysis
Technical Summary
CVE-2025-27918 is a critical security vulnerability identified in AnyDesk remote desktop software versions prior to 9.0.5 on Windows, 9.0.1 on macOS, 7.0.0 on Linux, 7.1.2 on iOS, and 8.0.0 on Android. The vulnerability stems from an integer overflow leading to a heap-based buffer overflow triggered by specially crafted UDP packets. These packets are processed during the Discovery feature, which allows AnyDesk clients to detect other clients on the network, or during the establishment of connections between two clients. The integer overflow (CWE-190) causes improper memory allocation or boundary checks, enabling attackers to overwrite heap memory. This can result in arbitrary code execution, complete system compromise, or denial of service. The vulnerability is remotely exploitable without any authentication or user interaction, requiring only network access to the affected client. The CVSS v3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges needed. Although no public exploits are currently known, the severity and ease of exploitation make this a critical threat. The vulnerability affects all major operating systems supported by AnyDesk, increasing the attack surface significantly. Given AnyDesk's widespread use for remote support and administration, exploitation could lead to unauthorized access to sensitive systems and data.
Potential Impact
For European organizations, the impact of CVE-2025-27918 is substantial. AnyDesk is widely used across Europe for remote desktop access in corporate, governmental, and critical infrastructure environments. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to data breaches, espionage, ransomware deployment, or disruption of essential services. The vulnerability compromises confidentiality by exposing sensitive information accessible via remote sessions, integrity by allowing unauthorized changes to systems, and availability by potentially crashing or disabling affected clients. The lack of required authentication and user interaction means attackers can target vulnerable systems en masse, increasing the risk of widespread compromise. Sectors such as finance, healthcare, manufacturing, and public administration are particularly at risk due to their reliance on remote access tools and the sensitivity of their data. Additionally, the cross-platform nature of the vulnerability means that diverse IT environments are vulnerable, complicating defense efforts.
Mitigation Recommendations
1. Apply patches immediately once AnyDesk releases fixed versions for all affected platforms. Monitor AnyDesk’s official channels for updates. 2. Until patches are available, restrict UDP traffic related to AnyDesk at network perimeters using firewalls or intrusion prevention systems to limit exposure to untrusted networks. 3. Disable the Discovery feature if not required, as it is involved in the vulnerability trigger. 4. Implement network segmentation to isolate AnyDesk clients from sensitive systems and critical infrastructure. 5. Deploy enhanced network monitoring and anomaly detection to identify suspicious UDP packets or unusual AnyDesk connection attempts. 6. Educate IT and security teams about this vulnerability to ensure rapid incident response if exploitation attempts are detected. 7. Consider alternative secure remote access solutions temporarily if patching or mitigation is delayed. 8. Review and tighten AnyDesk configuration settings to minimize attack surface, including limiting inbound connections and enforcing strong authentication where possible.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
CVE-2025-27918: n/a
Description
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients.
AI-Powered Analysis
Technical Analysis
CVE-2025-27918 is a critical security vulnerability identified in AnyDesk remote desktop software versions prior to 9.0.5 on Windows, 9.0.1 on macOS, 7.0.0 on Linux, 7.1.2 on iOS, and 8.0.0 on Android. The vulnerability stems from an integer overflow leading to a heap-based buffer overflow triggered by specially crafted UDP packets. These packets are processed during the Discovery feature, which allows AnyDesk clients to detect other clients on the network, or during the establishment of connections between two clients. The integer overflow (CWE-190) causes improper memory allocation or boundary checks, enabling attackers to overwrite heap memory. This can result in arbitrary code execution, complete system compromise, or denial of service. The vulnerability is remotely exploitable without any authentication or user interaction, requiring only network access to the affected client. The CVSS v3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges needed. Although no public exploits are currently known, the severity and ease of exploitation make this a critical threat. The vulnerability affects all major operating systems supported by AnyDesk, increasing the attack surface significantly. Given AnyDesk's widespread use for remote support and administration, exploitation could lead to unauthorized access to sensitive systems and data.
Potential Impact
For European organizations, the impact of CVE-2025-27918 is substantial. AnyDesk is widely used across Europe for remote desktop access in corporate, governmental, and critical infrastructure environments. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to data breaches, espionage, ransomware deployment, or disruption of essential services. The vulnerability compromises confidentiality by exposing sensitive information accessible via remote sessions, integrity by allowing unauthorized changes to systems, and availability by potentially crashing or disabling affected clients. The lack of required authentication and user interaction means attackers can target vulnerable systems en masse, increasing the risk of widespread compromise. Sectors such as finance, healthcare, manufacturing, and public administration are particularly at risk due to their reliance on remote access tools and the sensitivity of their data. Additionally, the cross-platform nature of the vulnerability means that diverse IT environments are vulnerable, complicating defense efforts.
Mitigation Recommendations
1. Apply patches immediately once AnyDesk releases fixed versions for all affected platforms. Monitor AnyDesk’s official channels for updates. 2. Until patches are available, restrict UDP traffic related to AnyDesk at network perimeters using firewalls or intrusion prevention systems to limit exposure to untrusted networks. 3. Disable the Discovery feature if not required, as it is involved in the vulnerability trigger. 4. Implement network segmentation to isolate AnyDesk clients from sensitive systems and critical infrastructure. 5. Deploy enhanced network monitoring and anomaly detection to identify suspicious UDP packets or unusual AnyDesk connection attempts. 6. Educate IT and security teams about this vulnerability to ensure rapid incident response if exploitation attempts are detected. 7. Consider alternative secure remote access solutions temporarily if patching or mitigation is delayed. 8. Review and tighten AnyDesk configuration settings to minimize attack surface, including limiting inbound connections and enforcing strong authentication where possible.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-03-10T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 690cd9af1c9f718888294813
Added to database: 11/6/2025, 5:23:59 PM
Last enriched: 12/8/2025, 5:50:34 PM
Last updated: 12/22/2025, 3:45:43 PM
Views: 201
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-67826: n/a
HighCVE-2025-61740: CWE-346 Origin Validation Error in Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
HighCVE-2025-26379: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
HighCVE-2025-14018: CWE-428 Unquoted Search Path or Element in NetBT Consulting Services Inc. e-Fatura
HighCVE-2025-54890: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Centreon Infra Monitoring
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.