| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2025-0320 | 17 Jun 202514:15 | – | attackerkb | |
| The vulnerability of the Citrix Secure Access Client software for secure remote access on the Windows operating system arises from the insecure management of privileges. This allows attackers to elevate their own privileges. | 27 Aug 202500:00 | – | bdu_fstec | |
| CVE-2025-0320 | 17 Jun 202513:39 | – | circl | |
| Citrix Secure Access Client for Windows 安全漏洞 | 17 Jun 202500:00 | – | cnnvd | |
| Citrix Secure Access Client for Windows Security Bulletin for CVE-2025-0320 | 17 Jun 202511:54 | – | citrix | |
| CVE-2025-0320 | 17 Jun 202513:25 | – | cve | |
| CVE-2025-0320 Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | 17 Jun 202513:25 | – | cvelist | |
| EUVD-2025-18498 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-0320 | 17 Jun 202514:15 | – | nvd | |
| CVE-2025-0320 | 17 Jun 202514:15 | – | osv |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(240757);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/08");
script_cve_id("CVE-2025-0320");
script_xref(name:"IAVB", value:"2025-A-0448");
script_name(english:"Citrix Secure Access < 25.5.1.15 Privilege Escalation (CTX694724)");
script_set_attribute(attribute:"synopsis", value:
"Citrix Secure Access formerly known as Citrix Gateway Plug-in for Windows installed on the remote Windows
host is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Citrix Secure Access installed on the remote host is prior to 25.5.1.15.
It is, therefore, affected by a privilege escalation vulnerability which allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for windows.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's
self-reported version number.");
# https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724&articleURL=Citrix_Secure_Access_Client_for_Windows_Security_Bulletin_for_CVE_2025_0320
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5caf26b8");
script_set_attribute(attribute:"solution", value:
"Upgrade to Citrix Secure Access Client for Windows version 25.5.1.15, or later.");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0320");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/17");
script_set_attribute(attribute:"patch_publication_date", value:"2025/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:citrix:secure_access");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("citrix_gateway_plug-in_detect.nbin");
script_require_ports("installed_sw/Citrix Gateway Plug-in", "installed_sw/Citrix Secure Access", "SMB/Registry/Enumerated");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'Citrix Secure Access', 'type': 'app'},
'check_algorithm': 'default',
'constraints' : [
{'fixed_version': '25.5.1.15'}
]
}
]
};
var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation