Citrix Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and remote code execution on the targeted system.
Note:
CVE-2024-8068 and CVE-2024-8069 are being exploited in the wild. For CVE-2024-8068, Citrix Session Recording contains an improper privilege management vulnerability that could allow attacker for privilege escalation to NetworkService Account access. For CVE-2024-8069, it contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker needs to be authenticated before exploiting these vulunbilities. Hence, the overall risk is rated as High Risk.
[Updated on 2025-08-26]
Updated Risk Level, Description and Related Links.
RISK: High Risk
TYPE: Operating Systems – Networks OS
Impact
- Remote Code Execution
- Elevation of Privilege
- Denial of Service
System / Technologies affected
- Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8
- Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6
- Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11
- Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-29.72
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-55.34
- NetScaler ADC 13.1-FIPS before 13.1-37.207
- NetScaler ADC 12.1-FIPS before 12.1-55.321
- NetScaler ADC 12.1-NDcPP before 12.1-55.321
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
- https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US
Vulnerability Identifier
Source
Related Link
- https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
- https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US
- https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
- https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
- https://www.cisa.gov/news-events/alerts/2025/08/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
