Vulnerability in HP Anyware Linux Client Allows Privilege Escalation

HP has identified a significant security vulnerability in its Anyware Client for Linux, which could enable attackers to escalate their privileges within the system. A software update has been released to address this critical issue.

According to a security advisory issued by HP, the flaw involves a potential vulnerability in the HP Anyware Agent for Linux. This vulnerability could allow bypassing authentication mechanisms, ultimately leading to an escalation of user permissions. The vulnerability has been assigned the identifier CVE-2025-1003, with a CVSS score of 8.5, indicating a high level of risk. This rating suggests that the threat level is closer to 'critical' than to 'medium', necessitating prompt action from system administrators.

HP has refrained from providing detailed information about the nature of the vulnerability or the methods by which attackers might exploit it. However, the company has suggested a temporary workaround for organizations that cannot immediately apply the patch. IT administrators are advised to disable the 'PC over IP' feature by setting the configuration parameter 'pcoip.session_retry_timeout' to '0'. This feature is part of a secure remote display protocol used by the Anyware Client.

The vulnerability has been patched in versions 24.10.2 and 24.07.5 of the HP Anyware Agent for Linux. The security advisory includes links to the various installation packages needed for the update. Given the high-risk classification, administrators are encouraged to download and implement the updates without delay.

HP Anyware is a remote access software solution designed to facilitate remote work by allowing users to access desktops and applications from virtually anywhere. This incident follows a recent security breach involving Teamviewer, another remote access tool, which was also found to have vulnerabilities that permitted privilege escalation. Teamviewer has since issued updates to address those security concerns.