Skip to main content

Workspace

17 CVEs product

Monthly

CVE-2025-4879 HIGH PATCH This Week

Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.

Privilege Escalation Citrix Windows Workspace
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-42404 MEDIUM This Month

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Java Workspace
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-7890 MEDIUM This Month

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Citrix Microsoft Workspace
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-7889 HIGH This Week

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft Workspace
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-42423 HIGH This Week

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Information Disclosure Citrix Workspace
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-6286 HIGH This Week

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft Workspace
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-6149 MEDIUM This Month

Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Citrix Workspace
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-6148 MEDIUM PATCH This Month

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Citrix Workspace
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-2241 MEDIUM This Month

Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-6588 MEDIUM This Month

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24486 MEDIUM This Month

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Citrix Workspace
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2257 HIGH This Week

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24485 HIGH PATCH This Week

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Citrix Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24484 MEDIUM PATCH This Month

A malicious user can cause log files to be written to a directory that they do not have permission to write to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Workspace
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-22907 HIGH This Week

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Authentication Bypass Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-8207 HIGH This Week

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Authentication Bypass Citrix +1
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-11634 CRITICAL KEV THREAT Act Now

Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Microsoft Receiver Workspace
NVD
CVSS 3.1
9.8
EPSS
8.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.

Privilege Escalation Citrix Windows +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Citrix Microsoft +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Information Disclosure +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Citrix Workspace
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Citrix Workspace
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Citrix Workspace
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Citrix +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A malicious user can cause log files to be written to a directory that they do not have permission to write to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Workspace
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE +3
NVD
EPSS 8% CVSS 9.8
CRITICAL KEV THREAT Act Now

Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Microsoft +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy