Citrix Secure Access Client vulnerabilities

6 known vulnerabilities affecting citrix/secure_access_client.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-0320HIGHCVSS 8.6fixed in 25.5.1.152025-06-17
CVE-2025-0320 [HIGH] CWE-269 CVE-2025-0320: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure A Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
nvd
CVE-2025-1223MEDIUMCVSS 5.8fixed in 25.01.22025-02-20
CVE-2025-1223 [MEDIUM] CWE-427 CVE-2025-1223: An attacker can gain application privileges in order to perform limited modification and/or read arb An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
nvd
CVE-2025-1222MEDIUMCVSS 5.8fixed in 25.01.22025-02-20
CVE-2025-1222 [MEDIUM] CVE-2025-1222: An attacker can gain application privileges in order to perform limited modification and/or read arb An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
nvd
CVE-2024-3661HIGHCVSS 7.6fixed in 24.06.1fixed in 24.8.52024-05-06
CVE-2024-3661 [HIGH] CWE-306 CVE-2024-3661: DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-bas DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the V
nvd
CVE-2023-24492HIGHCVSS 8.8fixed in 23.5.22023-07-11
CVE-2023-24492 [HIGH] CWE-94 CVE-2023-24492: A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploit A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
nvd
CVE-2023-24491HIGHCVSS 7.8fixed in 23.5.1.32023-07-11
CVE-2023-24491 [HIGH] CWE-269 CVE-2023-24491: A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exp A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
nvd