CVE-2025-27917

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to cause a denial of service in AnyDesk clients through incorrect deserialization that leads to memory allocation failures and NULL pointer dereferences. It affects AnyDesk users on Windows, macOS, Linux, iOS, and Android platforms. The vulnerability can be triggered remotely without authentication.

💻 Affected Systems

Products:
  • AnyDesk for Windows
  • AnyDesk for macOS
  • AnyDesk for Linux
  • AnyDesk for iOS
  • AnyDesk for Android
Versions: Windows: before 9.0.5, macOS: before 9.0.1, Linux: before 7.0.0, iOS: before 7.1.2, Android: before 8.0.0
Operating Systems: Windows, macOS, Linux, iOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability is in the client software, not the AnyDesk service infrastructure.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers can crash AnyDesk client applications, disrupting remote access sessions and potentially causing service unavailability for affected systems.

🟠 Likely Case

Remote denial of service causing AnyDesk client crashes, requiring application restart and interrupting active remote sessions.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to denial of service for the AnyDesk application only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the AnyDesk client but no authentication. Exploitation details are documented in academic research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Windows: 9.0.5+, macOS: 9.0.1+, Linux: 7.0.0+, iOS: 7.1.2+, Android: 8.0.0+

Vendor Advisory: https://anydesk.com/en/changelog/windows

Restart Required: Yes

Instructions:

1. Download the latest AnyDesk version from the official website
2. Install over the existing installation
3. Restart the AnyDesk service/application
4. Verify the version is updated

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to AnyDesk clients using firewall rules

# Example firewall rule to block AnyDesk ports
# Windows: netsh advfirewall firewall add rule name="Block AnyDesk" dir=in action=block protocol=TCP localport=6568,7070
# Linux: sudo iptables -A INPUT -p tcp --dport 6568 -j DROP && sudo iptables -A INPUT -p tcp --dport 7070 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can connect to AnyDesk clients
  • Monitor for AnyDesk application crashes and investigate any unusual patterns

🔍 How to Verify

Check if Vulnerable:

Check AnyDesk version against affected version ranges. On Windows: Help > About; On Linux: anydesk --version; On macOS: AnyDesk menu > About AnyDesk

Check Version:

Windows: anydesk.exe --version, Linux: anydesk --version, macOS: /Applications/AnyDesk.app/Contents/MacOS/AnyDesk --version

Verify Fix Applied:

Confirm version is equal to or higher than patched versions: Windows 9.0.5+, macOS 9.0.1+, Linux 7.0.0+, iOS 7.1.2+, Android 8.0.0+
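
The version check above, applied across a fleet, as an added example (not code from the advisory or from AnyDesk). It assumes version strings have already been collected as plain dotted numbers; the inventory rows and host names are constructed for illustration.

```python
import re

# First fixed release per platform, as listed in this advisory.
FIXED = {
    "windows": (9, 0, 5),
    "macos": (9, 0, 1),
    "linux": (7, 0, 0),
    "ios": (7, 1, 2),
    "android": (8, 0, 0),
}

_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$")


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def triage(platform, version_text):
    """Classify one client as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # fail closed: route to manual review
    return "patched" if version >= fixed else "vulnerable"


# Constructed inventory rows: (host, platform, reported version).
INVENTORY = [
    ("ws-014", "Windows", "9.0.4"),
    ("ws-015", "Windows", "9.0.10"),  # above 9.0.5 numerically, below it as a string
    ("mac-02", "macOS", "9.0.1\n"),   # trailing newline from command output
    ("srv-07", "Linux", "6.4.3"),
    ("tab-01", "Android", "8"),       # missing components count as zero
    ("kiosk-3", "Windows", "n/a"),    # unparseable, so not assumed patched
]


def report(inventory=INVENTORY):
    return {host: triage(platform, version) for host, platform, version in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until checked by hand.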

📡 Detection & Monitoring

Log Indicators:

  • AnyDesk application crash logs
  • Unexpected termination of AnyDesk process
  • Error logs containing memory allocation failures or NULL pointer references

Network Indicators:

  • Unusual traffic patterns to AnyDesk default ports (6568, 7070)
  • Multiple connection attempts followed by service disruption

SIEM Query:

source="AnyDesk" AND (event_type="crash" OR message="*memory*" OR message="*NULL*" OR message="*deserialization*")
