Vulners
Lucene search
Citrix Virtual Apps and Desktops Privilege Escalation (CTX694820)
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2025-6759 | 8 Jul 202521:41 | – | attackerkb |
 | CVE-2025-6759 | 8 Jul 202513:53 | – | circl |
 | Citrix Virtual Apps and Desktops 安全漏洞 | 8 Jul 202500:00 | – | cnnvd |
 | Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2025-6759 | 8 Jul 202511:49 | – | citrix |
 | CVE-2025-6759 | 8 Jul 202521:41 | – | cve |
 | CVE-2025-6759 Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | 8 Jul 202521:41 | – | cvelist |
 | EUVD-2025-20748 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-6759 | 8 Jul 202522:15 | – | nvd |
 | PT-2025-28651 · Citrix · Citrix Virtual Apps/Desktops | 8 Jul 202500:00 | – | ptsecurity |
 | CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED) | 14 Jul 202514:07 | – | rapid7blog |
10
| Source | Link |
|---|---|
| support | www.support.citrix.com/article/CTX694820 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(241986);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/05");
script_cve_id("CVE-2025-6759");
script_xref(name:"IAVA", value:"2025-A-0479");
script_name(english:"Citrix Virtual Apps and Desktops Privilege Escalation (CTX694820)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Citrix Virtual Apps and Desktops installed on the remote Windows host is prior to 2503, or
prior to 2402 LTSR CU1 Update 1, or prior to 2402 LTSR CU2 Update 2. It is, therefore, affected by a privilege
escalation vulnerability. By exploiting this vulnerability, a local, low-privileged attacker could gain SYSTEM
privileges.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX694820");
script_set_attribute(attribute:"solution", value:
"Upgrade to 2503, 2402 LTSR CU1 Update 1, 2402 LTSR CU2 Update 2 or later, or apply the
registry workaround described in the security advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6759");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/08");
script_set_attribute(attribute:"patch_publication_date", value:"2025/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:citrix:virtual_apps_and_desktops");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("citrix_virtual_apps_and_desktops_installed.nbin");
script_require_keys("installed_sw/Citrix Virtual Apps and Desktops");
exit(0);
}
include('vcf.inc');
include("smb_reg_query.inc");
var app_info = vcf::get_app_info(app:'Citrix Virtual Apps and Desktops', win_local:TRUE);
var app = app_info['App'];
if ("Virtual Delivery Agent" >!< app)
audit(AUDIT_HOST_NOT, "affected");
var display_ver = app_info['display_version'];
var cu = app_info['CU'];
var update = app_info['Update'];
var wrkarnd = NULL;
var hklm, regkey;
var constraints;
# Check for registry workaround
registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
regkey = 'SOFTWARE\\Citrix\\CtxExceptionHandler\\Enabled';
wrkarnd = get_registry_value(handle:hklm, item:regkey);
RegCloseKey(handle:hklm);
close_registry();
if (!isnull(wrkarnd))
{
if (wrkarnd == 0)
audit(AUDIT_HOST_NOT, "affected");
}
if ('LTSR' >< display_ver)
{
# 2402 is the only affected LTSR version - audit out for the rest
if (display_ver =~ "2507 LTSR|2203 LTSR|1912 LTSR")
{
audit(AUDIT_HOST_NOT, "affected");
}
if ('2402 LTSR' >< display_ver)
{
# if 2402 LTSR without CU, or CU1 without Update 1
if (empty_or_null(cu) || (cu <= 1 && (empty_or_null(update) || update < 1)))
constraints = [{'equal': '7.2402', 'fixed_display': 'Upgrade to 2402 LTSR CU1 Update 1 or later'}];
# if 2402 LTSR CU2 without Update 1
else if (cu == 2 && (empty_or_null(update) || update < 1))
constraints = [{'equal': '7.2402', 'fixed_display': 'Upgrade to 2402 LTSR CU2 Update 1 or later'}];
else
audit(AUDIT_HOST_NOT, "affected");
}
}
else
# current release (CR)
constraints = [{'fixed_version': '7.2503', 'fixed_display': 'Upgrade to 2503 or later' }];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 May 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.17.8
CVSS 47.3
EPSS0.00064
SSVC