
CVE-2025-27919: n/a

Published: Thu Nov 06 2025 (11/06/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation.

AI-Powered Analysis

Last updated: 11/06/2025, 17:39:18 UTC

Technical Analysis

CVE-2025-27919 is a security vulnerability in AnyDesk remote desktop software, affecting versions through 9.0.4. A remote user who already holds the "Control my device" permission can escalate their privileges by manipulating the remote AnyDesk settings without the consent of the device owner. Specifically, the attacker can set a password for the Full Access profile remotely, bypassing the usual confirmation prompt that protects against unauthorized persistent access. Once the password is set, the attacker can reconnect to the compromised device at any time without further approval from the legitimate user.

This undermines the security model of AnyDesk, which relies on user confirmation to prevent unauthorized access. The vulnerability requires no additional authentication beyond the initial control permission and no further user interaction after exploitation. Although no exploits have been reported in the wild yet, the potential for abuse is significant, especially in environments where AnyDesk is used for sensitive remote administration or support.

The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed, but the technical details suggest a high risk because of the ability to gain persistent unauthorized access. No official patches or mitigation links are currently provided, so affected users should monitor for updates or apply workarounds.

Potential Impact

For European organizations, this vulnerability poses a serious threat to the confidentiality, integrity, and availability of systems accessed via AnyDesk. Attackers who gain control can establish persistent backdoor access, bypassing user consent mechanisms and potentially leading to data theft, unauthorized system changes, or further lateral movement within networks. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on AnyDesk for remote support or administration are particularly vulnerable. The ability to set a Full Access password remotely could facilitate long-term espionage or sabotage campaigns. Additionally, the breach of trust in remote access tools can disrupt business continuity and damage reputations. The absence of known exploits in the wild provides a window for proactive mitigation, but the ease of exploitation once control is obtained means that any compromised session could lead to severe consequences. European data protection regulations, including GDPR, may also impose legal and financial penalties if unauthorized access leads to data breaches.

Mitigation Recommendations

European organizations should immediately audit AnyDesk usage and restrict 'Control my device' permissions to trusted users only. Implement strict access controls and monitor remote sessions for unusual activity. Until a patch is released, consider disabling AnyDesk or replacing it with alternative remote access solutions that do not exhibit this vulnerability. Employ network segmentation to limit the exposure of critical systems accessible via AnyDesk. Use endpoint detection and response (EDR) tools to detect unauthorized configuration changes or suspicious authentication attempts. Educate users about the risks of granting remote control permissions and enforce multi-factor authentication (MFA) where possible to reduce the risk of initial compromise. Regularly check AnyDesk vendor communications for patches or official mitigation guidance and apply updates promptly once available. Additionally, maintain comprehensive logging of remote sessions to support incident investigation if exploitation occurs.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-03-10T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 690cd9af1c9f718888294817

Added to database: 11/6/2025, 5:23:59 PM

Last enriched: 11/6/2025, 5:39:18 PM

Last updated: 11/7/2025, 3:58:00 AM
