Local Privilege Escalation in Citrix Virtual Delivery Agent
CVE-2025-6759

7.3 HIGH

Key Information:

Vendor: Citrix
CVE Published: 8 July 2025

Badges

📈 Score: 160 | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2025-6759?

CVE-2025-6759 is a high-severity (CVSS 7.3) local privilege escalation vulnerability in the Citrix Virtual Delivery Agent, a software component essential for delivering virtual applications and desktops to users within a Citrix environment. A low-privileged user could elevate their access rights to SYSTEM privileges within the Windows operating system. This poses a serious risk to organizations because it can allow unauthorized users to execute arbitrary code or commands with higher-level privileges, potentially compromising sensitive data and system integrity.

The implications of this vulnerability are significant, particularly in environments that rely on Citrix solutions for remote work and application delivery. If exploited, an attacker could manipulate system configurations, install malicious software, or access confidential information, leading to severe operational disruption and security breaches.

Potential impact of CVE-2025-6759

  1. Unauthorized Access and Control: The ability for low-privileged users to gain SYSTEM level access can facilitate unauthorized control over critical systems, allowing attackers to manipulate system settings and access restricted data.

  2. Data Breach Risks: Exploitation of this vulnerability could lead to the loss of sensitive corporate data, client information, or proprietary software, exposing organizations to potential legal liabilities and reputational damage.

  3. Increased Malware Propagation: With elevated privileges, an attacker could deploy malware, including ransomware, throughout the network, potentially leading to widespread system outages and recovery costs.

Affected Version(s)

Windows Virtual Delivery Agent for CVAD and Citrix DaaS Current Release (CR) < 2503

Windows Virtual Delivery Agent for CVAD and Citrix DaaS Long Term Service Release (LTSR) <= 2402 LTSR CU2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

News Articles

Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

A security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges.

3 weeks ago

Critical Flaw in Citrix Windows VDA Allows SYSTEM Privilege Escalation

The vulnerability, published on July 8, 2025, enables low-privileged users to gain SYSTEM-level privileges on affected systems,

3 weeks ago

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
