Critical AnyDesk Vulnerability Exploited by Hackers for Unauthorized Admin Access

Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels.

AnyDesk Vulnerability Details

Image courtesy of Hackers Exploit AnyDesk Vulnerability to Gain Admin Access Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels. The vulnerability has been categorized under CWE-59 (Path Traversal) with a CVSS score of 5.5 (Medium). As per a report by Cyber Security News, this issue resides in AnyDesk’s process of copying desktop background images during session initiation.

How Attackers Exploit the Vulnerability

Image courtesy of GBHackers News When AnyDesk copies the background image, the resulting file inherits ownership and permissions from the SYSTEM account. By default, low-privileged users do not have access to files created in C:\Windows\Temp, as these files are protected by the SYSTEM account.

File Name Pre-Creation

An attacker can pre-create a file in the C:\Windows\Temp directory with the same name as the background image file. Once the vulnerability is triggered, AnyDesk overwrites this file with data from the source image. Image courtesy of GBHackers News

Directory Junction Attack

By creating a symbolic link pointing to sensitive system directories, such as \\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\CONFIG, attackers can redirect AnyDesk’s file-copying operation to access protected files like the SAM (Security Account Manager), SYSTEM, and SECURITY files. Image courtesy of GBHackers News With access to these files, attackers can extract hashed credentials and machine keys to obtain administrative privileges, enabling full system compromise.

Mitigation and Updates

AnyDesk has released version 9.0.1 to address the vulnerability. Users and organizations are strongly advised to update immediately. Cybersecurity vigilance remains critical as the implications of this vulnerability highlight the need for robust security measures and proactive patch management.

Critical Zimbra Flaws

Image courtesy of Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data Serious vulnerabilities have been disclosed in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform. Researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts.

Key Vulnerabilities

1. SQL Injection in ZimbraSyncService (CVE-2025-25064): This flaw allows unauthorized data exfiltration or manipulation of backend database records.
2. SSRF in RSS Feed Parser (CVE-2025-25065): Attackers can redirect requests to internal network endpoints, facilitating lateral movement within networks.
3. Cross-Site Scripting (XSS) in Classic Web Client (CVE-2024-45516): This vulnerability enables the injection of malicious scripts into user sessions.
4. CSRF in GraphQL Endpoints: Attackers can perform unauthorized API operations without valid authentication tokens.

These vulnerabilities could lead to data theft, unauthorized account access, and service disruption.

Recommended Actions

Zimbra has released patches addressing the vulnerabilities in its latest updates:

• Zimbra 9.0.0 Patch 44
• Zimbra 10.0.13 & 10.1.5

Organizations using older versions are urged to upgrade immediately to mitigate risks. Regular software updates and proactive threat monitoring remain vital in preventing unauthorized access to sensitive data.

GrackerAI's Role in Cybersecurity Marketing

GrackerAI is an AI-powered cybersecurity marketing platform designed to help organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI enables marketing teams to identify emerging trends, monitor threats, and produce technically relevant content that resonates with cybersecurity professionals and decision-makers. Explore how GrackerAI can enhance your cybersecurity marketing efforts by visiting GrackerAI.