Vulnerability Database

318,275

Total vulnerabilities in the database

CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

Published: Jul 18, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-32450
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
anydesk / anydesk	7.0.9	7.0.9.x

http://anydesk.com
http://packetstormsecurity.com/files/167608/AnyDesk-7.0.9-Arbitrary-File-Write-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2022/Jul/9
https://seclists.org/fulldisclosure/2022/Jun/44

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo