Citrix XenServer VM Tools for Windows < 9.4.1 Multiple Vulnerabilities

critical Nessus Plugin ID 237466

Synopsis

Citrix XenServer VM Tools for Windows running on the remote host is affected by multiple vulnerabilities.

Description

The version of Citrix XenServer VM Tools for Windows installed on the remote host is potentially affected by arbitrary code execution vulnerabilities due to a lack of security descriptors.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to XenServer VM Tools for Windows 9.4.1 or later.

See Also

https://xenbits.xenproject.org/xsa/advisory-468.html

http://www.nessus.org/u?bc095f6d

Plugin Details

Severity: Critical

ID: 237466

File Name: citrix_xenserver_vm_tools_for_windows_9_4_1.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 5/29/2025

Updated: 5/29/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-27462

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:citrix:xenserver_vm_tools

Required KB Items: SMB/Registry/Enumerated, installed_sw/XenServer VM Tools

Patch Publication Date: 5/27/2025

Vulnerability Publication Date: 5/27/2025

Reference Information

CVE: CVE-2025-27462, CVE-2025-27463, CVE-2025-27464

IAVA: 2025-A-0380