A important safety vulnerability has been found in Citrix Home windows Digital Supply Agent that enables native attackers to escalate privileges and achieve SYSTEM-level entry to affected programs.
The vulnerability, tracked as CVE-2025-6759, impacts a number of variations of Citrix Digital Apps and Desktops and Citrix DaaS platforms, posing important dangers to enterprise environments counting on these virtualization options.
Key Takeaways1. CVE-2025-6759 permits native customers to escalate to SYSTEM privileges in Citrix Home windows Digital Supply Agent with a high-severity CVSS rating of seven.3.2. Affected variations embody Present Launch builds earlier than 2503 and 2402 LTSR CU2/earlier, whereas 2203 LTSR is unaffected.3. Fixes accessible in model 2503+ for Present Launch and particular hotfix updates for 2402 LTSR CU1/CU2.4. Non permanent workaround entails disabling CtxExceptionHandler through registry edit if quick patching is not attainable.
Native Privilege Escalation Flaw (CVE-2025-6759)
The CVE-2025-6759 vulnerability represents an area privilege escalation flaw that permits low-privileged customers to realize SYSTEM privileges on affected programs.
This vulnerability is assessed below CWE-269 (Improper Privilege Administration) and carries a CVSS v4.0 Base Rating of seven.3, indicating excessive severity with the vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N.
The assault vector requires native entry to the goal system, which means attackers should have already got some type of entry to the machine earlier than exploiting this vulnerability.
Nevertheless, as soon as exploited, the vulnerability offers full system compromise, granting attackers the best stage of privileges attainable on Home windows programs.
This stage of entry permits attackers to put in software program, entry delicate knowledge, create new accounts with full consumer rights, and doubtlessly transfer laterally inside the community.
The vulnerability’s technical root trigger lies in improper privilege administration inside the Digital Supply Agent element, which fails to validate and limit privilege escalation makes an attempt from lower-privileged customers correctly.
The vulnerability particularly impacts Home windows Digital Supply Agent for single-session OS utilized by Citrix Digital Apps and Desktops and Citrix DaaS.
The affected variations embody Present Launch (CR) variations of Citrix Digital Apps and Desktops earlier than 2503, and Lengthy Time period Service Launch (LTSR) variations, together with Citrix Digital Apps and Desktops 2402 LTSR CU2 and earlier variations of 2402 LTSR.
Notably, Citrix Digital Apps and Desktops 2203 LTSR just isn’t affected by this vulnerability, offering some reduction for organizations utilizing this particular model.
Danger FactorsDetailsAffected Merchandise– Home windows Digital Supply Agent for single-session OS- Citrix Digital Apps and Desktops (CR) variations earlier than 2503- Citrix Digital Apps and Desktops 2402 LTSR CU2 and earlier- Citrix DaaSImpactLocal privilege escalation Exploit PrerequisitesLocal entry to the goal systemCVSS v4.0 Score7.3 (Excessive)
Mitigation Methods
Citrix strongly recommends quick upgrading to patched variations. For Present Launch deployments, organizations ought to improve to Citrix Digital Apps and Desktops 2503 or later variations.
LTSR clients ought to set up particular updates: Citrix Digital Apps and Desktops 2402 LTSR CU1 Replace 1 (CTX694848) and Citrix Digital Apps and Desktops 2402 LTSR CU2 Replace 1 (CTX694849).
Organizations unable to improve instantly can implement a brief workaround by modifying the Home windows registry.
The mitigation entails setting the registry key [HKEY_LOCAL_MACHINESOFTWARECitrixCtxExceptionHandler] with “Enabled”=dword:00000000.
This registry modification may be deployed utilizing Citrix Workspace Surroundings Administration for centralized administration throughout a number of programs.
Extra deployment choices embody utilizing Citrix provisioning companies or Machine creation companies for non-persistent Digital Supply Brokers, and the VDA Improve Service (VUS) for persistent deployments, offering a number of pathways for organizations to deal with this important vulnerability.
MSSP Pricing Information: Methods to Lower By the Noise and the Hidden Price-> Get Your Free Information
