Local Privilege Escalation in Citrix Virtual Delivery Agent
CVE-2025-6759
Key Information:
- Vendor: Citrix
- CVE Published: 8 July 2025
What is CVE-2025-6759?
CVE-2025-6759 is a critical vulnerability in the Citrix Virtual Delivery Agent, a software component essential for delivering virtual applications and desktops to users within a Citrix environment. This vulnerability pertains to local privilege escalation, where a low-privileged user could elevate their access rights to SYSTEM privileges within the Windows operating system. This poses a serious risk to organizations as it can allow unauthorized users to execute arbitrary code or commands with higher-level privileges, potentially compromising sensitive data and system integrity.
The implications of this vulnerability are significant, particularly in environments that rely on Citrix solutions for remote work and application delivery. If exploited, an attacker could manipulate system configurations, install malicious software, or access confidential information, leading to severe operational disruption and security breaches.
Potential impact of CVE-2025-6759
- Unauthorized Access and Control: The ability for low-privileged users to gain SYSTEM level access can facilitate unauthorized control over critical systems, allowing attackers to manipulate system settings and access restricted data.
- Data Breach Risks: Exploitation of this vulnerability could lead to the loss of sensitive corporate data, client information, or proprietary software, exposing organizations to potential legal liabilities and reputational damage.
- Increased Malware Propagation: With elevated privileges, an attacker could deploy malware, including ransomware, throughout the network, potentially leading to widespread system outages and recovery costs.
Affected Version(s)
- Windows Virtual Delivery Agent for CVAD and Citrix DaaS Current Release (CR) < 2503
- Windows Virtual Delivery Agent for CVAD and Citrix DaaS Long Term Service Release (LTSR) <= 2402 LTSR CU2