Cyber Resilience

CVE-2024-12754

Severity: Medium

Published: 30 December 2024
Modified: 14 August 2025
KEV Added: not listed
Patch: (none recorded)
CVSS v3 score: 5.5 (vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0449 (89.4th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12754 is a medium-severity Link Following (CWE-59) vulnerability in AnyDesk. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 10.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-12754 is a link-following information disclosure vulnerability in AnyDesk. The flaw resides in the application's handling of background images, where improper resolution of junctions allows a local process to redirect file reads performed by the AnyDesk service. Successful exploitation grants read access to arbitrary files on the system, including stored credentials.

An attacker who already possesses the ability to run low-privileged code on the target host can create a junction pointing to a sensitive file and trigger the background-image processing path. This action causes the AnyDesk service to disclose the file contents, enabling the attacker to obtain credentials that may facilitate further privilege escalation or lateral movement. The vulnerability carries a CVSS v3 score of 5.5 and is tracked as ZDI-CAN-23940.

The single published reference points to the Zero Day Initiative advisory ZDI-24-1711, which describes the issue but supplies no additional mitigation details in the available data. The associated EPSS scores remain low, with a current value of 0.0449 and a peak of 0.0500, indicating no significant post-disclosure rise in observed exploitation activity.
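As an added defensive example (not AnyDesk's code and not taken from the advisory), this is the check a privileged service should apply before reading a user-controllable path such as a background image: inspect every path component with lstat and refuse symlinks or NTFS reparse points (junctions), which is exactly the CWE-59 condition the analysis above describes. The names `safe_read_under_root`, `demo` and the file layout are hypothetical and constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical helper, not AnyDesk's code: how a privileged service should read a
# user-supplied file (e.g. a background image) without following links or junctions.

def _is_link(st: os.stat_result) -> bool:
    """True for POSIX symlinks and for NTFS reparse points (junctions, symlinks)."""
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # populated on Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))

def safe_read_under_root(root: str, relative_name: str, max_bytes: int = 1 << 20) -> bytes:
    """Read root/relative_name, refusing '..', absolute paths and any link on the path."""
    parts = Path(relative_name).parts
    if not parts or any(p == ".." or Path(p).is_absolute() for p in parts):
        raise ValueError(f"rejected path component in {relative_name!r}")
    cur = Path(root)
    for part in parts:
        cur = cur / part
        st = os.lstat(cur)  # lstat inspects the component itself and never follows it
        if _is_link(st):
            raise PermissionError(f"link or junction in path: {cur}")
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"not a regular file: {cur}")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0)
    fd = os.open(cur, flags)  # O_NOFOLLOW closes the lstat/open race on the leaf
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(f"file changed between check and open: {cur}")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)

def demo() -> dict:
    """Constructed layout: one legitimate image plus link-based redirections."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backgrounds"
        (root / "images").mkdir(parents=True)
        (root / "images" / "wallpaper.png").write_bytes(b"\x89PNG\r\n\x1a\nfake")
        secret = Path(tmp) / "secret.txt"  # sensitive file outside the service directory
        secret.write_text("constructed-secret")
        os.symlink(secret, root / "images" / "evil.png")    # link to a file
        os.symlink(Path(tmp), root / "images" / "linkdir")  # link to a directory
        for name in ("images/wallpaper.png", "images/evil.png",
                     "images/linkdir/secret.txt", "../secret.txt"):
            try:
                results[name] = safe_read_under_root(root, name)
            except (PermissionError, ValueError) as e:
                results[name] = type(e).__name__
    return results
```

On Windows the `st_file_attributes` test is what catches a junction, while on POSIX the same function rejects symlinks; the constructed `demo` uses symlinks so it runs on either platform with link-creation rights.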

Vulnerability details

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: anydesk
Product: anydesk
Version: 8.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
