CVE-2025-6759 — Improper Privilege Management in Citrix Windows Virtual Delivery Agent FOR Cvad AND Citrix Daas

CWE-269 — Improper Privilege Management4 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 93.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Windows Virtual Delivery Agent FOR Cvad AND Citrix Daas Citrix Virtual Apps AND Desktops Citrix ADM +6 more

Timeline

PublishedJul 8

Latest updateJul 9

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages9 packages

▶CVEListV5citrix/windows_virtual_delivery_agent_for_cvad_and_citrix_daasCurrent Release (CR) — 2503+1

▶NVDcitrix/virtual_apps_and_desktops< 2503+1

▶citrixcitrix/citrix_virtual_apps_and_desktops

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

🔴Vulnerability Details

GHSA

GHSA-w9w5-c7vm-7wqf: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS↗2025-07-09

▶

📋Vendor Advisories

Citrix

CVE-2025-6759: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS↗2025-07-08

▶

Citrix

Citrix Security Bulletin CTX694820↗

▶