Critical AnyDesk Vulnerability Exploited by Hackers for Unauthorized Admin Access

Ankit Agarwal
Ankit Agarwal

Growth Hacker

 
February 10, 2025 3 min read

Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels.

AnyDesk Vulnerability Details

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access Image courtesy of Hackers Exploit AnyDesk Vulnerability to Gain Admin Access Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this vulnerability allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels. The vulnerability has been categorized under CWE-59 (Path Traversal) with a CVSS score of 5.5 (Medium). As per a report by Cyber Security News, this issue resides in AnyDesk’s process of copying desktop background images during session initiation.

How Attackers Exploit the Vulnerability

AnyDesk copy the existing background image Image courtesy of GBHackers News When AnyDesk copies the background image, the resulting file inherits ownership and permissions from the SYSTEM account. By default, low-privileged users do not have access to files created in C:\Windows\Temp, as these files are protected by the SYSTEM account.

File Name Pre-Creation

An attacker can pre-create a file in the C:\Windows\Temp directory with the same name as the background image file. Once the vulnerability is triggered, AnyDesk overwrites this file with data from the source image. File Copy performed by AnyDesk Image courtesy of GBHackers News

Directory Junction Attack

By creating a symbolic link pointing to sensitive system directories, such as \\Device\\HarddiskVolumeShadowCopy1\\Windows\\System32\\CONFIG, attackers can redirect AnyDesk’s file-copying operation to access protected files like the SAM (Security Account Manager), SYSTEM, and SECURITY files. Access Denied Image courtesy of GBHackers News With access to these files, attackers can extract hashed credentials and machine keys to obtain administrative privileges, enabling full system compromise.

Mitigation and Updates

AnyDesk has released version 9.0.1 to address the vulnerability. Users and organizations are strongly advised to update immediately. Cybersecurity vigilance remains critical as the implications of this vulnerability highlight the need for robust security measures and proactive patch management.

Critical Zimbra Flaws

Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data Image courtesy of Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data Serious vulnerabilities have been disclosed in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform. Researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts.

Key Vulnerabilities

  1. SQL Injection in ZimbraSyncService (CVE-2025-25064): This flaw allows unauthorized data exfiltration or manipulation of backend database records.
  2. SSRF in RSS Feed Parser (CVE-2025-25065): Attackers can redirect requests to internal network endpoints, facilitating lateral movement within networks.
  3. Cross-Site Scripting (XSS) in Classic Web Client (CVE-2024-45516): This vulnerability enables the injection of malicious scripts into user sessions.
  4. CSRF in GraphQL Endpoints: Attackers can perform unauthorized API operations without valid authentication tokens.

These vulnerabilities could lead to data theft, unauthorized account access, and service disruption.

Recommended Actions

Zimbra has released patches addressing the vulnerabilities in its latest updates:

  • Zimbra 9.0.0 Patch 44
  • Zimbra 10.0.13 & 10.1.5

Organizations using older versions are urged to upgrade immediately to mitigate risks. Regular software updates and proactive threat monitoring remain vital in preventing unauthorized access to sensitive data.

GrackerAI's Role in Cybersecurity Marketing

GrackerAI is an AI-powered cybersecurity marketing platform designed to help organizations transform security news into strategic content opportunities. By automating insight generation from industry developments, GrackerAI enables marketing teams to identify emerging trends, monitor threats, and produce technically relevant content that resonates with cybersecurity professionals and decision-makers. Explore how GrackerAI can enhance your cybersecurity marketing efforts by visiting GrackerAI.

Ankit Agarwal
Ankit Agarwal

Growth Hacker

 

Growth strategist who cracked the code on 18% conversion rates from SEO portals versus 0.5% from traditional content. Specializes in turning cybersecurity companies into organic traffic magnets through data-driven portal optimization.

Related Articles

Quality at Scale: How AI Solves Programmatic SEO's Biggest Challenge

Discover how AI transforms thin programmatic content into high-quality pages that survive Google's 2025 updates. Includes quality metrics and implementation guide.

By Deepak Gupta October 2, 2025 13 min read
Read full article

How AI Tools and Outlook Email Templates Can Streamline Communication

AI writing tools and Outlook templates save time, reduce errors, and boost focus. Learn how smart content and automation turn email into a productivity tool.

October 2, 2025 7 min read
Read full article
lookalike audience

Expand Your Reach: How to Create a Lookalike Audience

Learn how to create lookalike audiences to expand your reach, target high-value leads, and drive B2B SaaS growth. A cybersecurity growth hacking guide.

By Deepak Gupta October 2, 2025 4 min read
Read full article
Link Building

How to Succeed in Link Building Outreach in 2026

Learn effective link-building outreach strategies in 2026 to get quality backlinks with personalized emails, relevance, and real value.

By Deepak Gupta October 1, 2025 4 min read
Read full article