Citrix Workspace vulnerabilities
14 known vulnerabilities affecting citrix/workspace.
Total CVEs
14
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH10MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-11634P1CRITICALCVSS 9.8KEVRansomwarefixed in 19042019-05-22
CVE-2019-11634 [CRITICAL] CWE-284 CVE-2019-11634: Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
nvd
CVE-2020-8207P3HIGHCVSS 8.8v1912v20022020-07-24
CVE-2020-8207 [HIGH] CWE-284 CVE-2020-8207: Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege esc
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
nvd
CVE-2024-6148P3HIGHCVSS 8.8fixed in 2404.12024-07-10
CVE-2024-6148 [HIGH] CWE-276 CVE-2024-6148: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
nvd
CVE-2024-6286P3HIGHCVSS 7.8fixed in 2203.1fixed in 2403.1+1 more2024-07-10
CVE-2024-6286 [HIGH] CWE-269 CVE-2024-6286: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspa
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
nvd
CVE-2025-4879P3HIGHCVSS 7.8fixed in 2402fixed in 2409+1 more2025-06-17
CVE-2025-4879 [HIGH] CWE-269 CVE-2025-4879: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspac
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
nvd
CVE-2021-22907P3HIGHCVSS 7.8fixed in 19.12.4000fixed in 21052021-05-27
CVE-2021-22907 [HIGH] CWE-284 CVE-2021-22907: An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allo
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
nvd
CVE-2023-24485P3HIGHCVSS 7.8fixed in 2212v1912+1 more2023-02-16
CVE-2023-24485 [HIGH] CWE-284 CVE-2023-24485: Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform op
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
nvd
CVE-2022-21825P3HIGHCVSS 7.8≥ 2012, < 21122022-02-09
CVE-2022-21825 [HIGH] CWE-284 CVE-2022-21825: An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with A
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.
nvd
CVE-2024-7889P3HIGHCVSS 7.3fixed in 2203.1v2203.1+2 more2024-09-11
CVE-2024-7889 [HIGH] CWE-664 CVE-2024-7889: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspac
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
nvd
CVE-2024-7890P3HIGHCVSS 7.3fixed in 2203.1v2203.1+2 more2024-09-11
CVE-2024-7890 [HIGH] CWE-269 CVE-2024-7890: Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspac
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
nvd
CVE-2024-42423P4HIGHCVSS 7.1v23.9.0.24.42024-09-10
CVE-2024-42423 [HIGH] CWE-863 CVE-2024-42423: Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vul
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
nvd
CVE-2024-6149P4MEDIUMCVSS 6.1fixed in 2404.12024-07-10
CVE-2024-6149 [MEDIUM] CWE-601 CVE-2024-6149: Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
nvd
CVE-2023-24486P4MEDIUMCVSS 5.5fixed in 23022023-07-10
CVE-2023-24486 [MEDIUM] CWE-284 CVE-2023-24486: A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
nvd
CVE-2023-24484P4MEDIUMCVSS 5.5fixed in 2212v1912+1 more2023-02-16
CVE-2023-24484 [MEDIUM] CWE-284 CVE-2023-24484: A malicious user can cause log files to be written to a directory that they do not have permission t
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
nvd