CVE-2025-6759

HIGH

Citrix Virtual Apps And Desktops - Improper Privilege Management

Title source: rule

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Exploits (1)

nomisec WORKING POC 1 stars
by olljanat · poc
https://github.com/olljanat/TestCitrixException

References (1)

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 6.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
citrix/virtual_apps_and_desktops 2402 (3 CPE variants)
citrix/virtual_apps_and_desktops < 2503
Published Jul 08, 2025
Tracked Since Feb 18, 2026