
Security Vulnerability in Citrix Virtual Delivery Agent Allows Privilege Escalation

A security vulnerability has been found in the Citrix Virtual Delivery Agent (VDA) for Windows that could allow a low-privileged user on a session host to gain SYSTEM privileges. The vulnerability has been assigned CVE-2025-6759 and has a CVSS v4 base score of 7.3, placing it in the ‘high severity’ range.

The following supported versions of the Citrix VDA are affected by this vulnerability:

  • Current Release (CR) versions prior to 2503
  • 2402 LTSR (all versions)

The 2203 LTSR versions of the VDA are not affected by this vulnerability.


What To Do
Since this vulnerability impacts the agent running within the machines that host user sessions, it is necessary to either update the machine images or apply updates to all persistent machines.

As a temporary workaround, customers using a vulnerable version of the VDA are recommended to apply the following registry key until the fix can be put into place:

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxExceptionHandler]
"Enabled"=dword:00000000

After applying the registry key, the VDA must be restarted before the change takes effect. Because non-persistent machines discard local changes on reboot, the registry key must be incorporated into their master image rather than applied to individual running machines.
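To audit whether the workaround above is in place on a host, and to apply it in a reviewable way, the following PowerShell is an added example and not part of the original advisory or Citrix tooling. It assumes an elevated session on the VDA machine; the function names are hypothetical, and the VDA (or the machine) still has to be restarted afterwards as described above.

```powershell
# Added example: audit and apply the CtxExceptionHandler workaround on a VDA host.
# Run in an elevated PowerShell session. This does NOT restart the VDA; do that
# afterwards, and bake the change into the master image for non-persistent machines.
$WorkaroundKey  = 'HKLM:\SOFTWARE\Citrix\CtxExceptionHandler'
$WorkaroundName = 'Enabled'

function Test-CtxExceptionHandlerWorkaround {
    # Report whether the mitigating value exists and is the REG_DWORD 0 the advisory specifies.
    $value = $null
    if (Test-Path -Path $WorkaroundKey) {
        $value = (Get-ItemProperty -Path $WorkaroundKey -Name $WorkaroundName `
                     -ErrorAction SilentlyContinue).$WorkaroundName
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        KeyExists    = (Test-Path -Path $WorkaroundKey)
        Enabled      = $value                      # $null when the value is absent
        Mitigated    = ($value -is [int] -and $value -eq 0)
    }
}

function Set-CtxExceptionHandlerWorkaround {
    # Create the key if needed and set Enabled=0; supports -WhatIf / -Confirm for change control.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path -Path $WorkaroundKey)) {
        if ($PSCmdlet.ShouldProcess($WorkaroundKey, 'Create registry key')) {
            New-Item -Path $WorkaroundKey -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$WorkaroundKey\$WorkaroundName", 'Set REG_DWORD to 0')) {
        New-ItemProperty -Path $WorkaroundKey -Name $WorkaroundName -Value 0 `
                         -PropertyType DWord -Force | Out-Null
    }
    # Return the post-change state so the caller can verify the result.
    Test-CtxExceptionHandlerWorkaround
}

# Audit first; preview the change with -WhatIf, then apply it without the switch.
Test-CtxExceptionHandlerWorkaround | Format-List
# Set-CtxExceptionHandlerWorkaround -WhatIf
```

Running the audit function across session hosts (for example via Invoke-Command) gives a quick inventory of which machines still lack the workaround while the permanent VDA update is rolled out.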

To fully mitigate the vulnerability, customers should perform one of the following:

Next Steps
Customers are strongly encouraged to perform the required updates as soon as possible. Please reach out if you would like Helient Technologies’ highly experienced engineers to assist with the planning or deployment of these fixes.