vulnerability
Citrix Virtual Apps and Desktops: CVE-2025-6759: Improper Privilege Management
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:S/C:C/I:C/A:C) | Jul 8, 2025 | Jul 8, 2025 | Jan 9, 2026 |
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
Jul 8, 2025
Added
Jul 8, 2025
Modified
Jan 9, 2026
Description
A local privilege escalation vulnerability was found in Citrix Virtual Apps and Desktops that allowed a low-privileged user to duplicate a leaked privileged process handle from the GfxMgr.exe process. This allowed a new process to be spawned in the context of NT AUTHORITY\SYSTEM. The leaked handle was present in CtxGfx.exe, a process our low-privileged user had Process_All_Access to.
Solution
citrix-virtual-apps-and-desktops-upgrade-latest
References
- CVE-2025-6759
- https://attackerkb.com/topics/CVE-2025-6759
- URL-https://www.rapid7.com/blog/post/cve-2025-6759-citrix-virtual-apps-and-desktops-fixed/
- URL-https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820&articleURL=Windows_Virtual_Delivery_Agent_for_CVAD_and_Citrix_DaaS_Security_Bulletin_CVE_2025_6759
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.