Critical AnyDesk Vulnerability Exploited by Hackers for Unauthorized Admin Access

Ankit Agarwal

Head of Marketing

 
February 10, 2025

Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit the mechanism AnyDesk uses to handle Windows background images, potentially escalating their privileges to administrative levels.

AnyDesk Vulnerability Details

The vulnerability has been categorized under CWE-59 (Path Traversal) with a CVSS score of 5.5 (Medium). As per a report by Cyber Security News, this issue resides in AnyDesk’s process of copying desktop background images during session initiation.

How Attackers Exploit the Vulnerability

When AnyDesk copies the background image, the resulting file inherits ownership and permissions from the SYSTEM account. By default, low-privileged users do not have access to files created in C:\Windows\Temp, as these files are protected by the SYSTEM account.

File Name Pre-Creation

An attacker can pre-create a file in the C:\Windows\Temp directory with the same name as the background image file. Once the vulnerability is triggered, AnyDesk overwrites this file with data from the source image.

Directory Junction Attack

By creating a symbolic link pointing to sensitive system directories, such as \Device\HarddiskVolumeShadowCopy1\Windows\System32\CONFIG, attackers can redirect AnyDesk’s file-copying operation to access protected files like the SAM (Security Account Manager), SYSTEM, and SECURITY files.

With access to these files, attackers can extract hashed credentials and machine keys to obtain administrative privileges, enabling full system compromise.
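For defenders, the pre-creation step described above leaves a recognisable trace in file-creation telemetry (for example Sysmon file-create events): a non-SYSTEM user creates a file in C:\Windows\Temp, and shortly afterwards AnyDesk, running as SYSTEM, writes to the same path. The following correlation is an added example, not code from the article or from AnyDesk; the event tuple layout, the file names, the AnyDesk install path and the 10-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from ntpath import dirname, normcase

TEMP_DIR = normcase(r"C:\Windows\Temp")
SYSTEM = "nt authority\\system"

# Constructed sample events, not real telemetry: (time, user, image, target file).
# File names and the AnyDesk install path are placeholders chosen for this example.
ANYDESK = r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
EVENTS = [
    ("2025-02-10T09:00:01", r"LAB\alice", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\Temp\bg_example.jpg"),          # low-privileged pre-creation
    ("2025-02-10T09:02:31", r"NT AUTHORITY\SYSTEM", ANYDESK,
     r"C:\WINDOWS\Temp\bg_example.jpg"),          # SYSTEM write to the same path
    ("2025-02-10T09:05:00", r"NT AUTHORITY\SYSTEM", ANYDESK,
     r"C:\Windows\Temp\other.jpg"),               # no earlier user create: benign
    ("2025-02-10T09:06:00", r"LAB\bob", r"C:\Windows\explorer.exe",
     r"C:\Windows\Temp\notes.txt"),
    ("2025-02-10T09:06:30", r"NT AUTHORITY\SYSTEM", r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\Temp\notes.txt"),               # SYSTEM writer is not AnyDesk
]


def find_precreate_overwrites(events, window=timedelta(minutes=10)):
    """Return (path, pre-creating user, seconds until the SYSTEM write) per match."""
    pending = {}  # normalised path -> (time, user) of latest non-SYSTEM create
    hits = []
    for stamp, user, image, target in sorted(events):
        when = datetime.fromisoformat(stamp)
        path = normcase(target)  # Windows paths are case-insensitive
        if dirname(path) != TEMP_DIR:
            continue
        if user.lower() != SYSTEM:
            pending[path] = (when, user)
        elif "anydesk" in image.lower() and path in pending:
            created, who = pending.pop(path)
            if when - created <= window:
                hits.append((target, who, int((when - created).total_seconds())))
    return hits


if __name__ == "__main__":
    for hit in find_precreate_overwrites(EVENTS):
        print("suspicious pre-create then AnyDesk overwrite:", hit)
```

A match is a lead for triage rather than proof of exploitation; confirm the installed AnyDesk version against the fixed release named below.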

Mitigation and Updates

AnyDesk has released version 9.0.1 to address the vulnerability. Users and organizations are strongly advised to update immediately. Cybersecurity vigilance remains critical as the implications of this vulnerability highlight the need for robust security measures and proactive patch management.

Critical Zimbra Flaws

Serious vulnerabilities have been disclosed in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform. Researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts.

Key Vulnerabilities

  1. SQL Injection in ZimbraSyncService (CVE-2025-25064): This flaw allows unauthorized data exfiltration or manipulation of backend database records.
  2. SSRF in RSS Feed Parser (CVE-2025-25065): Attackers can redirect requests to internal network endpoints, facilitating lateral movement within networks.
  3. Cross-Site Scripting (XSS) in Classic Web Client (CVE-2024-45516): This vulnerability enables the injection of malicious scripts into user sessions.
  4. CSRF in GraphQL Endpoints: Attackers can perform unauthorized API operations without valid authentication tokens.

These vulnerabilities could lead to data theft, unauthorized account access, and service disruption.

Recommended Actions

Zimbra has released patches addressing the vulnerabilities in its latest updates:

  • Zimbra 9.0.0 Patch 44
  • Zimbra 10.0.13 & 10.1.5

Organizations using older versions are urged to upgrade immediately to mitigate risks. Regular software updates and proactive threat monitoring remain vital in preventing unauthorized access to sensitive data.

GrackerAI's Role in Cybersecurity Marketing

GrackerAI is an AI-powered cybersecurity marketing platform designed to help organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI enables marketing teams to identify emerging trends, monitor threats, and produce technically relevant content that resonates with cybersecurity professionals and decision-makers. Explore how GrackerAI can enhance your cybersecurity marketing efforts by visiting GrackerAI.

Ankit Agarwal is a growth and content strategy professional specializing in SEO-driven and AI-discoverable content for B2B SaaS and cybersecurity companies. He focuses on building editorial and programmatic content systems that help brands rank for high-intent search queries and appear in AI-generated answers. At Gracker, his work combines SEO fundamentals with AEO, GEO, and AI visibility principles to support long-term authority, trust, and organic growth in technical markets.
