CVE-2025-27918 is a critical security vulnerability identified in AnyDesk remote desktop software versions prior to 9.0.5 on Windows, 9.0.1 on macOS, 7.0.0 on Linux, 7.1.2 on iOS, and 8.0.0 on Android. The vulnerability stems from an integer overflow leading to a heap-based buffer overflow triggered by specially crafted UDP packets. These packets are processed during the Discovery feature, which allows AnyDesk clients to detect other clients on the network, or during the establishment of connections between two clients. The integer overflow (CWE-190) causes improper memory allocation or boundary checks, enabling attackers to overwrite heap memory. This can result in arbitrary code execution, complete system compromise, or denial of service. The vulnerability is remotely exploitable without any authentication or user interaction, requiring only network access to the affected client. The CVSS v3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges needed. Although no public exploits are currently known, the severity and ease of exploitation make this a critical threat. The vulnerability affects all major operating systems supported by AnyDesk, increasing the attack surface significantly. Given AnyDesk's widespread use for remote support and administration, exploitation could lead to unauthorized access to sensitive systems and data.

For European organizations, the impact of CVE-2025-27918 is substantial. AnyDesk is widely used across Europe for remote desktop access in corporate, governmental, and critical infrastructure environments. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to data breaches, espionage, ransomware deployment, or disruption of essential services. The vulnerability compromises confidentiality by exposing sensitive information accessible via remote sessions, integrity by allowing unauthorized changes to systems, and availability by potentially crashing or disabling affected clients. The lack of required authentication and user interaction means attackers can target vulnerable systems en masse, increasing the risk of widespread compromise. Sectors such as finance, healthcare, manufacturing, and public administration are particularly at risk due to their reliance on remote access tools and the sensitivity of their data. Additionally, the cross-platform nature of the vulnerability means that diverse IT environments are vulnerable, complicating defense efforts.

1. Apply patches immediately once AnyDesk releases fixed versions for all affected platforms. Monitor AnyDesk’s official channels for updates. 2. Until patches are available, restrict UDP traffic related to AnyDesk at network perimeters using firewalls or intrusion prevention systems to limit exposure to untrusted networks. 3. Disable the Discovery feature if not required, as it is involved in the vulnerability trigger. 4. Implement network segmentation to isolate AnyDesk clients from sensitive systems and critical infrastructure. 5. Deploy enhanced network monitoring and anomaly detection to identify suspicious UDP packets or unusual AnyDesk connection attempts. 6. Educate IT and security teams about this vulnerability to ensure rapid incident response if exploitation attempts are detected. 7. Consider alternative secure remote access solutions temporarily if patching or mitigation is delayed. 8. Review and tighten AnyDesk configuration settings to minimize attack surface, including limiting inbound connections and enforcing strong authentication where possible.