Citrix Virtual Apps and Desktops
cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:*:*:*
- < 2503
- <= 2402 LTSR CU2
A local privilege escalation vulnerability has been identified in the Windows Virtual Delivery Agent used by Citrix Virtual Apps and Desktops and by Citrix DaaS. It allows a low-privileged user to gain SYSTEM privileges. It affects Citrix Virtual Apps and Desktops versions prior to 2503, and 2402 LTSR CU2 and earlier versions of 2402 LTSR. Citrix Virtual Apps and Desktops 2203 LTSR is not affected.
Exploitation of this vulnerability allows low-privileged users to gain SYSTEM privileges on the affected Windows system.
Citrix recommends upgrading to Windows Virtual Delivery Agent versions that contain the fixes. For Citrix Virtual Apps and Desktops, users should upgrade to version 2503 or later. For those on the 2402 LTSR, CU1 Update 1 or CU2 Update 1 should be installed. Citrix DaaS customers can use the VDA Upgrade Service to update their Windows persistent Virtual Delivery Agents.