Platform
windows
Component
windows-virtual-delivery-agent
Fixed in
2503
2402.0.1
CVE-2025-6759 is a privilege escalation vulnerability affecting Windows Virtual Delivery Agent. This flaw allows a low-privileged user to elevate their privileges to SYSTEM, granting them complete control over the affected system. The vulnerability impacts versions of Windows Virtual Delivery Agent up to and including 2503, with a fix available in version 2503.
Successful exploitation of CVE-2025-6759 allows an attacker with limited privileges to gain full SYSTEM access on the target machine. This grants them the ability to install malicious software, modify system configurations, steal sensitive data, and potentially pivot to other systems on the network. The impact is particularly severe in environments utilizing Windows Virtual Delivery Agent for virtual desktop infrastructure (VDI) or Citrix DaaS, as a compromised agent could lead to widespread system compromise. This vulnerability resembles other local privilege escalation flaws where attackers exploit weaknesses in access control mechanisms to elevate their privileges.
CVE-2025-6759 was published on 2025-07-08. The EPSS score is pending evaluation. As of this writing, no proof-of-concept (PoC) exploits are publicly available. Active exploitation campaigns are not currently confirmed, but the potential for exploitation exists given the ease of privilege escalation once the vulnerability is triggered.
Organizations heavily reliant on Windows Virtual Delivery Agent for VDI or Citrix DaaS deployments are at significant risk. Environments with weak user privilege management or lacking robust network segmentation are particularly vulnerable. Legacy configurations or deployments that have not been regularly patched are also at increased risk.
• windows / supply-chain:
# Successful logons (event ID 4624) whose message text mentions SYSTEM
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | Where-Object { $_.Message -like '*SYSTEM*' }
• windows / supply-chain:
# Running processes whose name contains 'VDA'
Get-Process -ErrorAction SilentlyContinue | Where-Object {$_.ProcessName -match 'VDA'}
• windows / supply-chain:
# Scheduled tasks whose name contains 'VDA', with their current state
Get-ScheduledTask | Where-Object {$_.TaskName -like '*VDA*'} | Format-Table TaskName, State
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
The primary mitigation for CVE-2025-6759 is to upgrade to Windows Virtual Delivery Agent version 2503 or later, which contains the fix. If immediate upgrade is not feasible, consider implementing stricter user access controls and monitoring for suspicious activity. Review existing group policies to ensure least privilege principles are enforced. While a direct WAF rule is unlikely to be effective for this local privilege escalation, monitoring for unusual process execution by low-privileged users can provide early warning signs. After upgrade, confirm the fix by attempting to reproduce the vulnerability with a low-privileged user account and verifying that privilege escalation is prevented.
Upgrade Windows Virtual Delivery Agent to version 2503 or later, or to version 2402 LTSR CU3 or later. This will fix the local privilege escalation vulnerability.
CVE-2025-6759 is a vulnerability in Windows Virtual Delivery Agent that allows a low-privileged user to gain SYSTEM privileges, potentially compromising the entire system.
You are affected if you are using Windows Virtual Delivery Agent versions equal to or less than 2503. Check your current version and upgrade accordingly.
Upgrade Windows Virtual Delivery Agent to version 2503 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and restrict user privileges.
While no public exploits are currently available, the potential for SYSTEM-level privilege escalation suggests a high likelihood of exploitation in the future. Monitor security advisories.
Refer to the Microsoft Security Update Guide for the latest information and official advisory regarding CVE-2025-6759.