CVE-2025-6759 - Vulnerability Details

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Citrix	Virtual Apps And Desktops

Configuration 1 [-]

OR	cpe:2.3:a:citrix:virtual_apps_and_desktops:::::-:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:-:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu1:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu2:::ltsr:::*

No data.

References

Link	Providers
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820

History

Wed, 06 Aug 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix virtual Apps And Desktops
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:citrix:virtual_apps_and_desktops:::::-:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:-:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu1:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2402:cu2:::ltsr:::*
Vendors & Products		Citrix Citrix virtual Apps And Desktops
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00015}`	epss `{'score': 0.00017}`

Wed, 09 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 08 Jul 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Title		Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
Weaknesses		CWE-269
References		https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2025-07-08T21:41:21.902Z

Updated: 2025-07-10T03:55:59.944Z

Reserved: 2025-06-27T01:20:50.330Z

Link: CVE-2025-6759

Vulnrichment

Updated: 2025-07-09T13:21:45.971Z

NVD

Status : Analyzed

Published: 2025-07-08T22:15:28.213

Modified: 2025-08-06T17:32:16.163

Link: CVE-2025-6759

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object