Detections
Analytics

Citrix Secure Access < 25.5.1.15 Privilege Escalation (CTX694724)

high Nessus Plugin ID 240757

Synopsis

Citrix Secure Access formerly known as Citrix Gateway Plug-in for Windows installed on the remote Windows host is affected by a privilege escalation vulnerability.

Description

The version of Citrix Secure Access installed on the remote host is prior to 25.5.1.15. It is, therefore, affected by a privilege escalation vulnerability which allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for windows.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Citrix Secure Access Client for Windows version 25.5.1.15, or later.

See Also

http://www.nessus.org/u?5caf26b8

Plugin Details

Severity: High

ID: 240757

File Name: citrix_gateway_plug-in_CTX694724.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 6/27/2025

Updated: 6/27/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 6.1

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:citrix:secure_access

Patch Publication Date: 6/17/2025

Vulnerability Publication Date: 6/17/2025

Reference Information

CVE: CVE-2025-0320

IAVB: 2025-A-0448