Plattform
citrix
Komponente
citrix-workspace-app
Behoben in
2409
CU2 Hotfix 1
CU3 Hotfix 1
CVE-2025-4879 describes a local Privilege Escalation vulnerability affecting Citrix Workspace App for Windows. This vulnerability allows a low-privileged user to elevate their privileges to SYSTEM level, potentially granting them complete control over the affected system. The vulnerability impacts versions of Citrix Workspace App for Windows up to and including CU3 Hotfix 1. A fix is available in CU3 Hotfix 1.
Successful exploitation of CVE-2025-4879 allows an attacker with limited privileges to gain complete control over the affected Windows system. This could involve installing malware, accessing sensitive data, modifying system configurations, or establishing a persistent foothold within the network. The impact is particularly severe in environments where user accounts have limited privileges, as this vulnerability effectively bypasses those restrictions. Attackers could leverage this to move laterally within the network, compromising other systems and data.
CVE-2025-4879 was publicly disclosed on 2025-06-17. The EPSS score is currently pending evaluation. Public proof-of-concept (POC) code is not yet available, but the potential for exploitation is considered moderate given the severity of privilege escalation vulnerabilities. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing Citrix Workspace App for Windows, particularly those with a large number of users with standard user accounts, are at risk. Environments with legacy configurations or those that haven't implemented robust least privilege principles are especially vulnerable.
• windows / supply-chain:
Get-Process -Name CitrixWorkspaceApp | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID=1001 and Source='Citrix Workspace App'"• windows / supply-chain: Check Autoruns for unusual Citrix Workspace App entries. • windows / supply-chain: Monitor for new processes spawned by CitrixWorkspaceApp.exe with elevated privileges.
disclosure
Exploit-Status
EPSS
0.03% (7% Perzentil)
CISA SSVC
The primary mitigation for CVE-2025-4879 is to upgrade Citrix Workspace App for Windows to CU3 Hotfix 1 or later. If immediate upgrading is not possible, consider implementing least privilege principles to restrict user access and limit the potential impact of a successful exploit. While a direct workaround isn't available, monitoring for suspicious process activity and unauthorized access attempts can help detect exploitation. After upgrading, confirm the fix by attempting to trigger the privilege escalation exploit and verifying that it fails.
Actualice Citrix Workspace App para Windows a la versión 2409 o posterior. Si está utilizando 2402 LTSR, aplique CU2 Hotfix 1 o CU3 Hotfix 1.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-4879 is a vulnerability in Citrix Workspace App for Windows that allows a low-privileged user to gain SYSTEM privileges, potentially granting them full control over the system.
You are affected if you are using Citrix Workspace App for Windows versions prior to CU3 Hotfix 1. Check your installed version against the affected range.
Upgrade to Citrix Workspace App for Windows CU3 Hotfix 1 or a later version to remediate the vulnerability.
While active exploitation has not been confirmed, the potential for exploitation is considered moderate given the severity of the vulnerability.
Refer to the official Citrix security advisory for detailed information and updates regarding CVE-2025-4879.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.