Citrix
Monthly
Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Citrix rates the flaw high severity (CVSS 4.0 base 8.5) given full confidentiality, integrity, and availability impact once exploited.
Out-of-bounds read in Citrix Secure Access Client for Windows (all versions before 26.6.1.20) enables a local low-privileged attacker to read memory beyond an allocated buffer boundary, resulting in high confidentiality impact with no integrity or availability consequence. The CVSS 4.0 score of 6.8 reflects the local attack vector and low-privilege requirement, meaning an attacker must already hold a foothold on the endpoint. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.
Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.
Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.
Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.
Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.
Citrix NetScaler ADC and Gateway instances configured for SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual servers are vulnerable to a race condition that enables authenticated attackers to hijack other users' sessions. An attacker with valid credentials can exploit timing-dependent conditions to cause session mixup between concurrent users, potentially gaining unauthorized access to sensitive resources or impersonating other authenticated users. No patch is currently available for this high-severity vulnerability.
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability enabling remote code execution and denial of service when configured as VPN, AAA, or load balancing virtual servers.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.
Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthenticated attackers on the adjacent network to gain high-impact unauthorized access (confidentiality, integrity, and availability compromise) without requiring user interaction. This is a critical flaw affecting widely-deployed Citrix infrastructure used by enterprises for application delivery and remote access, with high CVSS 8.8 score reflecting the severity of direct control plane compromise.
CVE-2025-4365 is an arbitrary file read vulnerability affecting Citrix NetScaler Console and NetScaler SDX (SVM) that allows unauthenticated remote attackers to read sensitive files from affected systems. The vulnerability has a CVSS score of 7.5 (high severity) with a network-accessible attack vector requiring no authentication or user interaction. While specific KEV and EPSS data were not provided in the intelligence sources, the combination of high CVSS, unauthenticated access, and file disclosure capability indicates this requires prompt remediation.
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. Rated high severity (CVSS 8.8). No vendor patch available.
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Sensitive information disclosure in NetScaler Console. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Arbitrary file read in Citrix ADC and Citrix Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Temporary disruption of the ADM license service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Citrix rates the flaw high severity (CVSS 4.0 base 8.5) given full confidentiality, integrity, and availability impact once exploited.
Out-of-bounds read in Citrix Secure Access Client for Windows (all versions before 26.6.1.20) enables a local low-privileged attacker to read memory beyond an allocated buffer boundary, resulting in high confidentiality impact with no integrity or availability consequence. The CVSS 4.0 score of 6.8 reflects the local attack vector and low-privilege requirement, meaning an attacker must already hold a foothold on the endpoint. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.
Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.
Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.
Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.
Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.
Citrix NetScaler ADC and Gateway instances configured for SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual servers are vulnerable to a race condition that enables authenticated attackers to hijack other users' sessions. An attacker with valid credentials can exploit timing-dependent conditions to cause session mixup between concurrent users, potentially gaining unauthorized access to sensitive resources or impersonating other authenticated users. No patch is currently available for this high-severity vulnerability.
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability enabling remote code execution and denial of service when configured as VPN, AAA, or load balancing virtual servers.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.
Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthenticated attackers on the adjacent network to gain high-impact unauthorized access (confidentiality, integrity, and availability compromise) without requiring user interaction. This is a critical flaw affecting widely-deployed Citrix infrastructure used by enterprises for application delivery and remote access, with high CVSS 8.8 score reflecting the severity of direct control plane compromise.
CVE-2025-4365 is an arbitrary file read vulnerability affecting Citrix NetScaler Console and NetScaler SDX (SVM) that allows unauthenticated remote attackers to read sensitive files from affected systems. The vulnerability has a CVSS score of 7.5 (high severity) with a network-accessible attack vector requiring no authentication or user interaction. While specific KEV and EPSS data were not provided in the intelligence sources, the combination of high CVSS, unauthenticated access, and file disclosure capability indicates this requires prompt remediation.
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. Rated high severity (CVSS 8.8). No vendor patch available.
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Sensitive information disclosure in NetScaler Console. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Arbitrary file read in Citrix ADC and Citrix Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Temporary disruption of the ADM license service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.