
Security researcher discovers new Citrix vulnerability

A newly disclosed vulnerability in Citrix Virtual Apps and Desktops could lead to threat actors spawning new processes remotely.


Citrix has disclosed another new vulnerability after a researcher at cyber security firm Rapid7 discovered a flaw in Citrix Virtual Apps and Desktops during a virtual desktop infrastructure breakout assessment.

Citrix Virtual Apps and Desktops is a virtualisation solution for desktops and applications that allows secure remote access to Windows-based desktops and apps. The vulnerability, tracked as CVE-2025-6759, could allow a user with low privileges to duplicate a leaked SYSTEM process handle and then spawn a new process as SYSTEM.

This is a client-side vulnerability in software that is likely to be widely deployed and could be very useful to a threat actor that already has some access to a network.

 
 

“Using a modified version of the public tool ‘GiveMeAHand’, Rapid7 discovered a SYSTEM process handle with ‘PROCESS_ALL_ACCESS’ rights being leaked into the ‘CtxGfx.exe’ process, which the low-privileged user owns,” Rapid7 said in an 8 July blog post.

The same tool was then used to spawn a new system process and obtain administrative rights, after which Process Hacker was used to further analyse the vulnerable applications.

According to Citrix’s disclosure notice, the vulnerability affects the following versions of the Windows Virtual Delivery Agent for single-session OS:

  • Citrix Virtual Apps and Desktops versions before 2503
  • Citrix Virtual Apps and Desktops 2402 LTSR CU2 and earlier versions of 2402 LTSR

The vulnerability does not impact Citrix Virtual Apps and Desktops 2203 LTSR.

“Citrix strongly recommends that customers upgrade their Windows Virtual Delivery Agent for single-session OS to versions that contain the fixes as soon as possible,” Citrix said.

Citrix Virtual Apps and Desktops 2503 and later versions have been fixed, while updates have been released for Citrix Virtual Apps and Desktops 2402 LTSR CU1 and CU2.

“Cloud Software Group thanks Timm Lippert and Christopher Beckmann from SySS GmbH, as well as Brandon Fisher, security consultant from Rapid7, for working with us in protecting Cloud Software Group customers,” Citrix said.

Citrix has faced criticism over several recent flaws in its NetScaler appliances, some of which are already being exploited in the wild.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
