CVE-2016-20094 | AnyDesk 2.5.0 contains an unquoted service path vulnerabilit… | CVSS 7.8 HIGH

Description

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during application startup or system reboot.

Metadata

CVE ID: CVE-2016-20094
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:25 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Anydesk / AnyDesk
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Anydesk	AnyDesk	—	2.5.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-40410 https://www.exploit-db.com/exploits/40410
Official Product Homepage http://anydesk.com
Product Reference http://anydesk.com/download
VulnCheck Advisory: AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege https://www.vulncheck.com/advisories/anydesk-unquoted-service-path-elevation-of-privilege