CVE-2025-6759: Privilege Escalation in Windows Virtual Delivery Agent
Platform
windows
Component
windows-virtual-delivery-agent
Fixed in
2503
2402.0.1
CVE-2025-6759 is a privilege escalation vulnerability affecting Windows Virtual Delivery Agent. This flaw allows a low-privileged user to elevate their privileges to SYSTEM, granting them complete control over the affected system. The vulnerability impacts versions of Windows Virtual Delivery Agent up to and including 2503, with a fix available in version 2503.
Impact and Attack Scenarios
Successful exploitation of CVE-2025-6759 allows an attacker to bypass access controls and execute code with SYSTEM privileges. This grants them full administrative access to the compromised system, enabling them to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems on the network. The impact is particularly severe in environments utilizing Windows Virtual Delivery Agent for virtual desktop infrastructure (VDI) or Citrix DaaS, as a compromised agent could lead to widespread system compromise. This vulnerability shares similarities with other local privilege escalation exploits, where attackers leverage flaws in system services to gain elevated access.
Exploitation Context
CVE-2025-6759 was publicly disclosed on 2025-07-08. The EPSS score is currently pending evaluation, but the potential for SYSTEM-level privilege escalation suggests a potentially high-impact vulnerability. No public proof-of-concept (POC) code is currently available, but the vulnerability's nature makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Threat Intelligence
Exploit Status
EPSS
0.02% (5% percentile)
CISA SSVC
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-6759 is to upgrade Windows Virtual Delivery Agent to version 2503 or later. If immediate upgrade is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful exploit. Monitor system logs for suspicious activity indicative of privilege escalation attempts. While a direct workaround is unavailable, restricting user privileges and enforcing least privilege principles can reduce the potential impact. After upgrading, confirm the fix by attempting to reproduce the vulnerability with a low-privileged user account and verifying that privilege escalation is prevented.
How to fix
Actualice Windows Virtual Delivery Agent a la versión 2503 o superior, o a la versión 2402 LTSR CU3 o superior. Esto solucionará la vulnerabilidad de escalada de privilegios local.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2025-6759 — Privilege Escalation in Windows Virtual Delivery Agent?
CVE-2025-6759 is a vulnerability in Windows Virtual Delivery Agent that allows a low-privileged user to gain SYSTEM privileges, potentially compromising the entire system.
Am I affected by CVE-2025-6759 in Windows Virtual Delivery Agent?
You are affected if you are using Windows Virtual Delivery Agent versions equal to or less than 2503. Check your current version and upgrade accordingly.
How do I fix CVE-2025-6759 in Windows Virtual Delivery Agent?
Upgrade Windows Virtual Delivery Agent to version 2503 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and restrict user privileges.
Is CVE-2025-6759 being actively exploited?
While no public exploits are currently available, the potential for SYSTEM-level privilege escalation suggests a high likelihood of exploitation in the future. Monitor security advisories.
Where can I find the official Windows Virtual Delivery Agent advisory for CVE-2025-6759?
Refer to the Microsoft Security Update Guide for the latest information and official advisory regarding CVE-2025-6759.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.