Critical AnyDesk Vulnerability Exploited by Hackers for Unauthorized Admin Access

Ankit Agarwal
Ankit Agarwal

Head of Marketing

 
February 10, 2025
3 min read

Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels.

AnyDesk Vulnerability Details

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access

Image courtesy of Hackers Exploit AnyDesk Vulnerability to Gain Admin Access Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels. The vulnerability has been categorized under CWE-59 (Path Traversal) with a CVSS score of 5.5 (Medium). As per a report by Cyber Security News, this issue resides in AnyDesk’s process of copying desktop background images during session initiation.

How Attackers Exploit the Vulnerability

AnyDesk copy the existing background image

Image courtesy of GBHackers News When AnyDesk copies the background image, the resulting file inherits ownership and permissions from the SYSTEM account. By default, low-privileged users do not have access to files created in C:\Windows\Temp, as these files are protected by the SYSTEM account.

File Name Pre-Creation

An attacker can pre-create a file in the C:\Windows\Temp directory with the same name as the background image file. Once the vulnerability is triggered, AnyDesk overwrites this file with data from the source image. File Copy performed by AnyDesk

Image courtesy of GBHackers News

Directory Junction Attack

By creating a symbolic link pointing to sensitive system directories, such as \\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\CONFIG, attackers can redirect AnyDesk’s file-copying operation to access protected files like the SAM (Security Account Manager), SYSTEM, and SECURITY files. Access Denied

Image courtesy of GBHackers News With access to these files, attackers can extract hashed credentials and machine keys to obtain administrative privileges, enabling full system compromise.

Mitigation and Updates

AnyDesk has released version 9.0.1 to address the vulnerability. Users and organizations are strongly advised to update immediately. Cybersecurity vigilance remains critical as the implications of this vulnerability highlight the need for robust security measures and proactive patch management.

Critical Zimbra Flaws

Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data

Image courtesy of Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data Serious vulnerabilities have been disclosed in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform. Researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts.

Key Vulnerabilities

  1. SQL Injection in ZimbraSyncService (CVE-2025-25064): This flaw allows unauthorized data exfiltration or manipulation of backend database records.
  2. SSRF in RSS Feed Parser (CVE-2025-25065): Attackers can redirect requests to internal network endpoints, facilitating lateral movement within networks.
  3. Cross-Site Scripting (XSS) in Classic Web Client (CVE-2024-45516): This vulnerability enables the injection of malicious scripts into user sessions.
  4. CSRF in GraphQL Endpoints: Attackers can perform unauthorized API operations without valid authentication tokens.

These vulnerabilities could lead to data theft, unauthorized account access, and service disruption.

Recommended Actions

Zimbra has released patches addressing the vulnerabilities in its latest updates:

  • Zimbra 9.0.0 Patch 44
  • Zimbra 10.0.13 & 10.1.5

Organizations using older versions are urged to upgrade immediately to mitigate risks. Regular software updates and proactive threat monitoring remain vital in preventing unauthorized access to sensitive data.

GrackerAI's Role in Cybersecurity Marketing

GrackerAI is an AI-powered cybersecurity marketing platform designed to help organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI enables marketing teams to identify emerging trends, monitor threats, and produce technically relevant content that resonates with cybersecurity professionals and decision-makers. Explore how GrackerAI can enhance your cybersecurity marketing efforts by visiting GrackerAI.

Ankit Agarwal
Ankit Agarwal

Head of Marketing

 

Ankit Agarwal is a growth and content strategy professional specializing in SEO-driven and AI-discoverable content for B2B SaaS and cybersecurity companies. He focuses on building editorial and programmatic content systems that help brands rank for high-intent search queries and appear in AI-generated answers. At Gracker, his work combines SEO fundamentals with AEO, GEO, and AI visibility principles to support long-term authority, trust, and organic growth in technical markets.

Related Articles

How to Audit Your AI Citations: The 6-Step Method Security Marketers Use to Find Out Why AI Skips Their Brand
AI visibility audit

How to Audit Your AI Citations: The 6-Step Method Security Marketers Use to Find Out Why AI Skips Their Brand

Learn how to perform an AI citation audit, identify the sources influencing ChatGPT and Perplexity, and improve your brand's AI visibility.

By Deepak Gupta July 9, 2026 7 min read
common.read_full_article
The GEO Playbook for Agencies: How to Help Clients Win AI Search Visibility
GEO playbook

The GEO Playbook for Agencies: How to Help Clients Win AI Search Visibility

A GEO playbook for agencies: a step-by-step framework to audit, monitor, and grow client AI search visibility, plus how to package and resell it.

By Govind Kumar July 10, 2026 9 min read
common.read_full_article
Claude SEO Guide: How to Track, Measure & Improve Your Brand Visibility in Claude AI
Claude SEO

Claude SEO Guide: How to Track, Measure & Improve Your Brand Visibility in Claude AI

Claude SEO guide: track, measure, and improve your brand visibility in Claude AI step by step, with concrete tactics for citations, prompts, and content.

By Deepak Gupta July 9, 2026 10 min read
common.read_full_article
Generative Engine Optimization (GEO): How to Make Your Content AI-Ready
Generative Engine Optimization

Generative Engine Optimization (GEO): How to Make Your Content AI-Ready

Stop chasing blue links. Learn how Generative Engine Optimization (GEO) helps you become the definitive source of truth for AI search engines like ChatGPT.

By David Brown July 9, 2026 6 min read
common.read_full_article