Plataforma
citrix
Componente
citrix-secure-access-client-for-windows
Corrigido em
25.5.1.15
CVE-2025-0320 describes a privilege escalation vulnerability affecting Citrix Secure Access Client for Windows. This flaw allows a low-privileged user to elevate their privileges to SYSTEM level, granting them complete control over the affected system. The vulnerability impacts versions 1.0 through 25.5.1.15, and a fix is available in version 25.5.1.15.
Successful exploitation of CVE-2025-0320 allows an attacker to bypass standard access controls and execute code with SYSTEM privileges. This grants them unrestricted access to the compromised system, including the ability to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems on the network. The impact is severe, as it effectively grants the attacker full administrative control. This vulnerability is particularly concerning given the client's role in secure access, potentially allowing attackers to compromise user credentials and network resources.
As of the publication date (2025-06-17), this vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are currently unknown, but the severity of the vulnerability warrants proactive mitigation. The potential for SYSTEM-level access makes this a high-priority vulnerability to address, especially given the client's role in secure access.
Organizations heavily reliant on Citrix Secure Access Client for remote access, particularly those with legacy configurations or shared hosting environments, are at increased risk. Systems with weak user privilege management practices are also more vulnerable, as a compromised low-privileged account could be leveraged to escalate privileges.
• windows / supply-chain:
Get-Process citrixsecureaccessclient | Select-Object -ExpandProperty ProcessId• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Citrix Secure Access Client']]]" -MaxEvents 10• windows / supply-chain: Check Autoruns for unusual entries related to Citrix Secure Access Client (using tools like Autoruns from Sysinternals).
disclosure
Status do Exploit
EPSS
0.03% (percentil 7%)
CISA SSVC
The primary mitigation for CVE-2025-0320 is to upgrade Citrix Secure Access Client for Windows to version 25.5.1.15 or later. Prior to upgrading, it's recommended to back up the system configuration to facilitate rollback if necessary. While a direct workaround isn't available, restricting user privileges and implementing robust network segmentation can limit the potential impact of a successful exploit. Monitor system logs for suspicious activity related to the Citrix Secure Access Client process. After upgrading, confirm the fix by attempting to execute a process with a low-privileged user account and verifying that privilege escalation is prevented.
Actualice Citrix Secure Access Client para Windows a la versión 25.5.1.15 o posterior. Esto solucionará la vulnerabilidad de escalada de privilegios local.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-0320 is a vulnerability in Citrix Secure Access Client for Windows allowing a low-privileged user to gain SYSTEM privileges. This impacts versions 1.0 through 25.5.1.15 and requires immediate attention.
If you are using Citrix Secure Access Client for Windows versions 1.0 through 25.5.1.15, you are potentially affected by this vulnerability. Upgrade to version 25.5.1.15 or later to mitigate the risk.
The recommended fix is to upgrade to Citrix Secure Access Client for Windows version 25.5.1.15 or a later version. Back up your system before upgrading.
As of the publication date, there are no confirmed reports of active exploitation. However, the vulnerability's severity warrants proactive mitigation.
Please refer to the official Citrix security advisory for detailed information and updates regarding CVE-2025-0320.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.