CVE-2020-13885

HIGH

Citrix Workspace App < 2006.1 - Incorrect Default Permissions


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13885. PoCs published by hessandrew.

AI-analyzed exploit summary: This repository contains a writeup describing a privilege escalation vulnerability (CVE-2020-13885) in Citrix Workspace app before version 1912. The exploit involves placing a malicious 'webio.dll' in an insecure directory; the DLL is then executed when an admin uninstalls the application, leading to privilege escalation.

Description

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.

Exploits (1)

nomisec · WRITEUP · 1 star
by hessandrew · poc
https://github.com/hessandrew/CVE-2020-13885


Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Citrix Workspace app before 1912 for Windows
Auth required
Prerequisites: Local access to the target system · Ability to write to '%PROGRAMDATA%\Citrix\Citrix Workspace ####\' · Admin or software distribution process to trigger uninstallation
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/hessandrew/CVE-2020-13885
Vendor Advisory (x_refsource_confirm): https://support.citrix.com/article/CTX275460

Scores

CVSS v3: 7.8
EPSS: 0.0057
EPSS Percentile: 42.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-276
Status: published
Products (1): citrix/workspace_app < 2006.1
Published: Jun 08, 2020
Tracked Since: Feb 18, 2026