- Description
- Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
- Source
- secure@citrix.com
- NVD status
- Analyzed
- Products
- virtual_apps_and_desktops
CVSS 4.0
- Type
- Secondary
- Base score
- 7.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@citrix.com
- CWE-269
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
🚨 Security Alert: Citrix Virtual Delivery Agent (VDA) for Windows has a critical vulnerability (CVE-2025-6759, CVSS 7.3) that could let low-privilege users gain SYSTEM privileges. Affected: CR versions before 2503 and all 2402 LTSR versions. 2203 LTSR versions are safe. Update
@Helient
12 Jul 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en los productos de Citrix ❗CVE-2025-6759 ➡️Más info: https://t.co/uAKLfjUIMK https://t.co/DqaUVvRP0T
@CERTpy
11 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows Virtual Delivery Agent for #CVAD and #Citrix DaaS Security Bulletin CVE-2025-6759: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges Temporary and definitive fixes provided: https://t.co/xkHTUu9wuV #CitrixAdmin
@CJeucken
9 Jul 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6759 impacts the 𝗩𝗶𝗿𝘁𝘂𝗮𝗹 𝗗𝗲𝗹𝗶𝘃𝗲𝗿𝘆 𝗔𝗴𝗲𝗻𝘁 for CVAD, DaaS, enabling a user with minimal privileges to escalate their 𝗮𝗰𝗰𝗲𝘀𝘀 𝘁𝗼 𝗦𝗬𝗦𝗧𝗘𝗠 𝗹𝗲𝘃𝗲𝗹. P𝗿𝗼𝗺
@Koetzing
8 Jul 2025
622 Impressions
7 Retweets
11 Likes
1 Bookmark
1 Reply
0 Quotes
New Citrix CVE Alert: High severity vulnerability (CVE-2025-6759) found in Windows VDA for Virtual Apps & Desktops + DaaS. Affects: CR < version 2503; 2402 LTSR CU2 & earlier. 2203 LTSR NOT affected Patch now! Call IntraSystems support for assistance. 🔗 https://t.c
@Intra_Access
8 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New @Citrix updates for 2402 LTSR for CVE-2025-6759, a local privilege escalation vulnerability (2503 not affected) https://t.co/GHXxXdkNmE
@guyrleech
8 Jul 2025
291 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
"matchCriteriaId": "EF3F3AF7-4CEB-4BDE-819E-4D59CF843B0A",
"versionEndExcluding": "2503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "A6893CD8-DECB-4063-9126-B08587BB1F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "E7C00D26-F211-4DB7-BDB9-FE80B90586E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "71BF4E9B-2B12-4C2C-88FE-3A5D59DCEDA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]