CVE-2025-4879
Published 2025-06-17
CVE-2025-4879: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Priority: P340 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.11% (1.7th percentile)
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | workspace | < 2402 | 2402 |
| citrix | workspace | < 2409 | 2409 |
| citrix | workspace | — | — |
| citrix | workspace_app_for_windows | >= 2402 LTSR < CU2 Hotfix 1 | CU2 Hotfix 1 |
| citrix | workspace_app_for_windows | >= 2402 LTSR < CU3 Hotfix 1 | CU3 Hotfix 1 |
| citrix | workspace_app_for_windows | >= CR < 2409 | 2409 |
| citrix | xenserver | — | — |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 7.3 · HIGH · CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Citrix
Citrix Security Bulletin CTX694718
vendor_citrix·CVSS 5.9
CVE-2025-12101 [MEDIUM] Citrix Security Bulletin CTX694718
CVE References: CVE-2025-12101, CVE-2025-4879, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-rj6g-gj4c-2vf5: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
ghsa_unreviewed·2025-06-17
CVE-2025-4879 [HIGH] CWE-269 GHSA-rj6g-gj4c-2vf5: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Suricata
ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M3
suricata·2025-02-27·CVSS 9.2
CVE-2024-5217 [CRITICAL] ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M3
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M3"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/login.do"; startswith; content:"jvar_page_title|3d|"; distance:0; fast_pattern; pcre:"/^.*?(?:javascript|style)/R"; reference:cve,2024-5217; reference:cve,2024-4879; reference:url,www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data; reference:url,www.resilientx.com/blog/cve-2024-5217-servicenow-vulnerability; classtype:attempted-admin; sid:2060428; rev:1; metadata:affected_product ServiceNow, attack_target Server, tls_state plaintext, created_at 2025_02_27
Suricata
ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M2
suricata·2025-02-27·CVSS 9.2
CVE-2024-5217 [CRITICAL] ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M2
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M2"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:9; content:"/login.do"; http.request_body; content:"jvar_page_title|3d|"; fast_pattern; pcre:"/^.*?(?:javascript|style)/R"; reference:cve,2024-5217; reference:cve,2024-4879; reference:url,www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data; reference:url,www.resilientx.com/blog/cve-2024-5217-servicenow-vulnerability; classtype:attempted-admin; sid:2060409; rev:1; metadata:affected_product ServiceNow, attack_target Server, tls_state plaintext, created_at 2025_
No writeups or analysis indexed.
2025-06-17
Published