EUVD-2024-49530

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Privilege escalation in Citrix Session Recording for authenticated users in Windows Active Directory domain

Reporter	Title	Published	Views	Family All 21
BDU FSTEC	The vulnerability of the Session Recording component of software for virtualization and application delivery in Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop) allows a attacker to execute arbitrary code.	22 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-8068	12 Nov 202416:21	–	circl
CISA KEV Catalog	Citrix Session Recording Improper Privilege Management Vulnerability	25 Aug 202500:00	–	cisa_kev
CISA	CISA Adds Three Known Exploited Vulnerabilities to Catalog	25 Aug 202512:00	–	cisa
CISA	Citrix Releases Security Updates for NetScaler and Citrix Session Recording	12 Nov 202412:00	–	cisa
Tenable Nessus	Citrix Virtual Apps and Desktops Session Recording Multiple Vulnerabilities (CTX691941)	14 Nov 202400:00	–	nessus
CNNVD	Citrix Systems Virtual Apps and Desktops 安全漏洞	12 Nov 202400:00	–	cnnvd
Citrix	Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069	12 Nov 202407:00	–	citrix
CVE	CVE-2024-8068	12 Nov 202417:49	–	cve
Cvelist	CVE-2024-8068 Privilege escalation to NetworkService Account access	12 Nov 202417:49	–	cvelist

[
  {
    "enisaIdVendor": [
      {
        "id": "2dd1ae22-1f19-3314-b897-e697c22e0827",
        "vendor": {
          "name": "Citrix"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "14c5953e-57d6-3ecc-aea3-b751a849512b",
        "product": {
          "name": "Citrix Session Recording"
        },
        "product_version": "1912 LTSR <CU9 hotfix 19.12.9100.6"
      },
      {
        "id": "b404e162-3b7d-3351-bc8a-403bfc9edf5c",
        "product": {
          "name": "Citrix Session Recording"
        },
        "product_version": "2402 LTSR <CU1 hotfix 24.02.1200.16"
      },
      {
        "id": "c2e5198f-eb7a-3436-af66-4e4e90914d66",
        "product": {
          "name": "Citrix Session Recording"
        },
        "product_version": "2203 LTSR <CU5 hotfix 22.03.5100.11"
      },
      {
        "id": "fb2395db-6be8-30ee-9f0a-fbfb087d9b66",
        "product": {
          "name": "Citrix Session Recording"
        },
        "product_version": "2407 Current Release <24.5.200.8"
      }
    ]
  }
]

Source	Link
support	www.support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069

03 Oct 2025 20:07Current

9.3High risk

Vulners AI Score9.3

CVSS 45.1

CVSS 3.18

EPSS0.01399