CVE-2025-6759

Published Jul 8, 2025

Last updated 8 days ago

CVSS high 7.3

Overview

Description
Local Privilege escalation allows a low-privileged user to gain SYSTEM privilegesย in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Source
secure@citrix.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

secure@citrix.com
CWE-269

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ Security Alert: Citrix Virtual Delivery Agent (VDA) for Windows has a critical vulnerability (CVE-2025-6759, CVSS 7.3) that could let low-privilege users gain SYSTEM privileges. Affected: CR versions before 2503 and all 2402 LTSR versions. 2203 LTSR versions are safe. Update

    @Helient

    12 Jul 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. โš ๏ธVulnerabilidades en los productos de Citrix โ—CVE-2025-6759 โžก๏ธMรกs info: https://t.co/uAKLfjUIMK https://t.co/DqaUVvRP0T

    @CERTpy

    11 Jul 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Windows Virtual Delivery Agent for #CVAD and #Citrix DaaS Security Bulletin CVE-2025-6759: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges Temporary and definitive fixes provided: https://t.co/xkHTUu9wuV #CitrixAdmin

    @CJeucken

    9 Jul 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-6759 impacts the ๐—ฉ๐—ถ๐—ฟ๐˜๐˜‚๐—ฎ๐—น ๐——๐—ฒ๐—น๐—ถ๐˜ƒ๐—ฒ๐—ฟ๐˜† ๐—”๐—ด๐—ฒ๐—ป๐˜ for CVAD, DaaS, enabling a user with minimal privileges to escalate their ๐—ฎ๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€ ๐˜๐—ผ ๐—ฆ๐—ฌ๐—ฆ๐—ง๐—˜๐—  ๐—น๐—ฒ๐˜ƒ๐—ฒ๐—น. P๐—ฟ๐—ผ๐—บ

    @Koetzing

    8 Jul 2025

    622 Impressions

    7 Retweets

    11 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  5. New Citrix CVE Alert: High severity vulnerability (CVE-2025-6759) found in Windows VDA for Virtual Apps & Desktops + DaaS. Affects: CR < version 2503; 2402 LTSR CU2 & earlier. 2203 LTSR NOT affected Patch now! Call IntraSystems support for assistance. ๐Ÿ”— https://t.c

    @Intra_Access

    8 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. New @Citrix updates for 2402 LTSR for CVE-2025-6759, a local privilege escalation vulnerability (2503 not affected) https://t.co/GHXxXdkNmE

    @guyrleech

    8 Jul 2025

    291 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.