Nixpkgs Security Tracker

Permalink CVE-2019-25261

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse dismissed 1 month, 2 weeks ago

AnyDesk 5.4.0 - Unquoted Service Path

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.

References

ExploitDB-47883 exploit
Official Vendor Homepage product
VulnCheck Advisory: AnyDesk 5.4.0 - Unquoted Service Path third-party-advisory

Affected products

AnyDesk

==5.4.0

Matching in nixpkgs

pkgs.anydesk

Desktop sharing application, providing remote support and online meetings

nixos-unstable 7.1.0
- nixpkgs-unstable 7.1.0
- nixos-unstable-small 7.1.0
nixos-25.11 -
- nixos-25.11-small 7.1.0
- nixpkgs-25.11-darwin 7.1.0

Package maintainers

@shyim Soner Sayakci <s.sayakci@gmail.com>

Current stable branch was never impacted.

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.anydesk

Package maintainers