CVE-2019-25261
Unquoted Service Path Vulnerability in AnyDesk 5.4.0 Enables Privilege Escalation
Publication date: 2026-02-03
Last updated on: 2026-02-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anydesk | anydesk | 5.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25261 is an unquoted service path vulnerability in AnyDesk version 5.4.0 on Windows systems. The service executable path is not enclosed in quotes, which can cause the system to misinterpret the path if it contains spaces.
This misconfiguration allows a local attacker to place malicious executables in locations that the system might execute instead of the intended AnyDesk service executable.
Because the AnyDesk service runs with elevated privileges (LocalSystem account) and starts automatically, exploiting this vulnerability can lead to execution of arbitrary code with high system privileges.
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow a local attacker to execute malicious code with elevated system privileges.
This can compromise the confidentiality, integrity, and availability of the affected system.
- Local privilege escalation to the LocalSystem account.
- Potential unauthorized access or control over the system.
- Execution of arbitrary malicious executables leading to system compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service executable path for AnyDesk on Windows systems to see if it is unquoted. Specifically, you need to verify if the path to the AnyDesk service executable contains spaces and is not enclosed in quotation marks.
A common method is to use Windows command line tools to query the service configuration and inspect the binary path.
- Run the command: sc qc AnyDesk
- Check the BINARY_PATH_NAME output for unquoted paths with spaces, for example: C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service
- If the path is unquoted and contains spaces, the system is vulnerable to this unquoted service path issue.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, you should correct the service executable path by enclosing it in quotation marks to prevent the system from misinterpreting the path and executing malicious files.'}, {'type': 'paragraph', 'content': 'Specifically, update the AnyDesk service configuration so that the binary path is quoted, for example: "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --service'}, {'type': 'paragraph', 'content': 'Alternatively, ensure that no malicious executables exist in any of the directories that could be interpreted as part of the unquoted path.'}, {'type': 'paragraph', 'content': 'Additionally, consider updating AnyDesk to a version where this vulnerability is fixed or applying any official patches if available.'}] [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local attackers to execute malicious code with elevated system privileges, potentially compromising the confidentiality, integrity, and availability of the affected system.
Such compromises can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
However, the provided information does not explicitly describe the direct effects on compliance with these standards.