CVE-2025-4879

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:workspace:::::ltsr:windows::
	cpe:2.3:a:citrix:workspace:::::-:windows::
	cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2402:cu1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2402:cu2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2402:cu3:::ltsr:windows::

History

06 Aug 2025, 17:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:citrix:workspace:2402:cu2:::ltsr:windows:: cpe:2.3:a:citrix:workspace:::::-:windows:: cpe:2.3:a:citrix:workspace:2402:-:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2402:cu3:::ltsr:windows:: cpe:2.3:a:citrix:workspace:2402:cu1:::ltsr:windows:: cpe:2.3:a:citrix:workspace:::::ltsr:windows::
References	~~() https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718 -~~	() https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718 - Vendor Advisory
CWE		NVD-CWE-noinfo
First Time		Citrix Citrix workspace
Summary		(es) La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicación Citrix Workspace para Windows
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

17 Jun 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 14:15

Updated : 2025-08-06 17:31

NVD link : CVE-2025-4879

Mitre link : CVE-2025-4879

CVE.ORG link : CVE-2025-4879

JSON object : View

Products Affected

citrix

workspace

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2025-4879", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-17T14:15:33.170", "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718", "tags": ["Vendor Advisory"], "source": "secure@citrix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secure@citrix.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"}, {"lang": "es", "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"}], "lastModified": "2025-08-06T17:31:01.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "87EFF384-1928-4877-8D2C-A2D7178CD3FA", "versionEndExcluding": "2402"}, {"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*", "vulnerable": true, "matchCriteriaId": "47D16991-345F-4B5B-B2C4-13D9AE2A1370", "versionEndExcluding": "2409"}, {"criteria": "cpe:2.3:a:citrix:workspace:2402:-:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "54058497-4D16-4C1F-8A75-D4C5F8B11FCD"}, {"criteria": "cpe:2.3:a:citrix:workspace:2402:cu1:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "8CB79352-9666-413E-AD98-268908ACAF38"}, {"criteria": "cpe:2.3:a:citrix:workspace:2402:cu2:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "DB40F284-689A-4649-9017-17239F0FF6C2"}, {"criteria": "cpe:2.3:a:citrix:workspace:2402:cu3:*:*:ltsr:windows:*:*", "vulnerable": true, "matchCriteriaId": "F7A2207C-5660-420B-B06E-C5C37090FB95"}], "operator": "OR"}]}], "sourceIdentifier": "secure@citrix.com"}