Citrix Products Multiple Vulnerabilities

Release Date: 10 Jul 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and elevation of privilege on the targeted system.

---

Impact

• Elevation of Privilege
• Information Disclosure

---

System / Technologies affected

• Citrix Virtual Apps and Desktops versions before 2503 
• Citrix Virtual Apps and Desktops 2402 LTSR CU2 and earlier versions of 2402 LTSR
• Citrix XenServer 8.4

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694846&articleURL=XenServer_Security_Update_for_CVE_2024_36350_and_CVE_2024_36357
• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820&articleURL=Windows_Virtual_Delivery_Agent_for_CVAD_and_Citrix_DaaS_Security_Bulletin_CVE_2025_6759

---

Vulnerability Identifier

• CVE-2024-36350
• CVE-2024-36357
• CVE-2025-6759

---

Source

• Citrix

---

Related Link

• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694846&articleURL=XenServer_Security_Update_for_CVE_2024_36350_and_CVE_2024_36357
• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820&articleURL=Windows_Virtual_Delivery_Agent_for_CVAD_and_Citrix_DaaS_Security_Bulletin_CVE_2025_6759