CVE-2025-4879

Published: Jun 17, 2025Modified: Aug 6, 2025

7.3

Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@citrix.com (Secondary)

Description

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Affected (6)

Products: Citrix: Workspace

Citrix

1 product

Workspace

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace	Before 2409
Citrix Workspace	Before 2402
Citrix Workspace	Version 2402
Citrix Workspace	Version 2402 cu1
Citrix Workspace	Version 2402 cu2
Citrix Workspace	Version 2402 cu3

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718

Source: secure@citrix.com

Vendor Advisory

Timeline

No history available yet.