PatchSiren

CVE-2016-20094 Anydesk CVE debrief

CVE-2016-20094 is a HIGH-severity vulnerability (CVSS Score: 8.5) affecting AnyDesk 2.5.0. The issue is an unquoted service path vulnerability, which allows local users to execute arbitrary code with SYSTEM privileges by inserting malicious executables in the system root path. This can occur during application startup or system reboot. Defenders should prioritize patching or mitigating this vulnerability to limit exposure to potential local attacks.

Vendor: Anydesk
Product: Unknown
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-19
Original CVE updated: 2026-06-22
Advisory published: 2026-06-19
Advisory updated: 2026-06-22

Who should care

Defenders responsible for systems with AnyDesk 2.5.0 installed should prioritize patching or mitigating this vulnerability. This includes IT administrators, cybersecurity professionals, and system owners who manage or use AnyDesk for remote access. The vulnerability's local exploitation requirement means that attackers must have existing access to the system, but the potential impact is significant, with attackers able to gain SYSTEM privileges.

Technical summary

The vulnerability exists due to an unquoted service path in AnyDesk 2.5.0. This allows an attacker to place malicious executables in the system root path, which will be executed with elevated privileges during application startup or system reboot. The Common Weakness Enumeration (CWE) for this vulnerability is CWE-428, Unquoted Search Path or Element. The CVSS v4.0 vector for this vulnerability is AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High priority due to potential for local privilege escalation.

Recommended defensive actions

  • Apply the latest patch or update for AnyDesk to version 2.5.1 or later.
  • Review system root paths for AnyDesk services and ensure that no malicious executables are present.
  • Implement monitoring to detect and respond to potential exploitation attempts.
  • Enforce strict access controls and authentication for systems with AnyDesk installed.
  • Regularly review and update software installations to ensure they are current and secure.
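
To support the path review recommended above, the following added example (not code from the CVE record, NVD, or AnyDesk) audits service `ImagePath` values for the CWE-428 pattern, lists the files an administrator should confirm are absent, and shows the quoted form of the value. The service names and paths are constructed samples; in practice the input would be the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`.

```python
import re

# End of the executable in an unquoted service command line.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable_path, is_quoted) for a service ImagePath value."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    m = _EXE_END.search(s)
    return (s[:m.end()] if m else s), False

def audit_locations(image_path):
    """Files to confirm are absent: for an unquoted path, Windows tries each
    space-delimited prefix plus ".exe" before the intended executable."""
    exe, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """Return the ImagePath with the executable quoted (the corrected value)."""
    exe, quoted = split_image_path(image_path)
    if quoted:
        return image_path
    return f'"{exe}"{image_path.strip()[len(exe):]}'

def find_unquoted(services):
    """Map service name -> audit locations, for affected services only."""
    hits = {name: audit_locations(p) for name, p in services.items()}
    return {name: locs for name, locs in hits.items() if locs}

# Constructed sample values (hypothetical services, not taken from the advisory).
SAMPLE_SERVICES = {
    "ExampleRemoteSvc": r"C:\Program Files (x86)\Example Remote\remote.exe --service",
    "QuotedSvc": r'"C:\Program Files\Vendor\agent.exe" /run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, locs in find_unquoted(SAMPLE_SERVICES).items():
        print(name, "->", quoted_form(SAMPLE_SERVICES[name]))
        for loc in locs:
            print("   verify absent:", loc)
```

Only the unquoted path containing spaces is reported; the already quoted value and the path without spaces produce no findings.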

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and the NVD detail page. The CVE record provides a brief description of the vulnerability, while the NVD detail page offers additional information, including the CVSS score and vector. The vulnerability affects AnyDesk version 2.5.0. Defenders should verify the version of AnyDesk installed on their systems and check for any signs of exploitation.

Official resources

This article is AI-assisted and based on the supplied source corpus.