PT-2025-28651 · Citrix · Citrix Virtual Apps/Desktops
Published 2025-07-08 · Updated 2025-08-06 · CVE-2025-6759
CVSS v3.1: 7.8 (High), vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows Virtual Delivery Agent for CVAD and Citrix DaaS versions prior to 2503
Windows Virtual Delivery Agent for CVAD and Citrix DaaS 2402 LTSR versions through CU2
2203 LTSR is not affected.
Description
A local privilege escalation vulnerability exists in the Windows Virtual Delivery Agent for CVAD and Citrix DaaS that lets a low-privileged user on the VDA gain SYSTEM privileges. GfxMgr.exe, which runs as SYSTEM, holds an open process handle with PROCESS_ALL_ACCESS rights. That handle is inherited by its child process CtxGfx.exe, which runs with lower privileges. Because CtxGfx.exe runs at the attacker's privilege level, the attacker can duplicate the leaked handle out of CtxGfx.exe into a process under their control and use the resulting full-access handle on a SYSTEM process to create a new process that runs as SYSTEM. The underlying weakness is a handle-inheritance leak across a privilege boundary: an inheritable handle to a privileged object was left open while a lower-privileged child was created with handle inheritance enabled, so the child (and anyone who can open the child) obtains the parent's access to that object. The CVSS vector reflects this: local access with an existing low-privileged account is required, and no user interaction is needed.
Recommendations
Windows Virtual Delivery Agent for CVAD and Citrix DaaS versions prior to 2503: Update to version 2503 or later.
Windows Virtual Delivery Agent for CVAD and Citrix DaaS 2402 LTSR versions through CU2: Apply the latest Cumulative Update (CU) available, ensuring it is newer than CU2.
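The following script is an added example for verifying the condition described above on a running VDA; it is not Citrix code and not part of the original advisory. It snapshots the system handle table with the undocumented NtQuerySystemInformation class SystemExtendedHandleInformation (64), keeps the handles owned by CtxGfx.exe whose granted access is exactly PROCESS_ALL_ACCESS (0x1FFFFF, the Vista-and-later value), duplicates each one with query-only rights to learn which process it points at, and flags those that target GfxMgr.exe. The assumptions are that the leaked handle carries exactly that access mask and that the process names on this page are the ones running on the host; everything else is standard Win32. Run it on the VDA as an administrator, or as the session user who owns CtxGfx.exe, since it only needs PROCESS_DUP_HANDLE on that process.

```powershell
# Added example (not Citrix code): report PROCESS_ALL_ACCESS process handles held by
# CtxGfx.exe and flag those that point at GfxMgr.exe, i.e. the leak behind CVE-2025-6759.
$native = @"
using System;
using System.Runtime.InteropServices;
public static class Native {
    // SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, as returned by SystemExtendedHandleInformation (class 64)
    [StructLayout(LayoutKind.Sequential)]
    public struct HandleEntryEx {
        public IntPtr Object;
        public IntPtr UniqueProcessId;   // ULONG_PTR: PID of the process that owns the handle
        public IntPtr HandleValue;       // ULONG_PTR: handle value inside that process
        public uint   GrantedAccess;
        public ushort CreatorBackTraceIndex;
        public ushort ObjectTypeIndex;
        public uint   HandleAttributes;  // 0x2 = OBJ_INHERIT
        public uint   Reserved;
    }
    [DllImport("ntdll.dll")]
    public static extern int NtQuerySystemInformation(int cls, IntPtr buf, int len, out int needed);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool DuplicateHandle(IntPtr srcProc, IntPtr srcHandle, IntPtr dstProc,
        out IntPtr dstHandle, uint access, bool inherit, uint options);
    [DllImport("kernel32.dll")] public static extern uint GetProcessId(IntPtr process);
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
}
"@
Add-Type -TypeDefinition $native

$PROCESS_ALL_ACCESS = 0x1FFFFF                 # assumption: the leaked handle carries exactly this mask
$PROCESS_DUP_HANDLE = 0x0040
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$STATUS_INFO_LENGTH_MISMATCH = 0xC0000004      # Int32 literal, same bit pattern as the returned NTSTATUS

# Snapshot the system handle table and return only the entries owned by the given PIDs.
function Get-HandlesOwnedBy([int64[]]$Pids) {
    $M = [Runtime.InteropServices.Marshal]
    $entrySize = $M::SizeOf([type][Native+HandleEntryEx])
    $len = 4MB
    while ($true) {
        $buf = $M::AllocHGlobal($len)
        try {
            $needed = 0
            $status = [Native]::NtQuerySystemInformation(64, $buf, $len, [ref]$needed)
            if ($status -eq $STATUS_INFO_LENGTH_MISMATCH) { $len *= 2; continue }   # grow and retry
            if ($status -ne 0) { throw ('NtQuerySystemInformation failed: 0x{0:X8}' -f $status) }
            $count = $M::ReadIntPtr($buf).ToInt64()
            $base  = [IntPtr]::Add($buf, 2 * [IntPtr]::Size)   # skip NumberOfHandles and Reserved
            $out = New-Object System.Collections.Generic.List[object]
            for ($i = 0; $i -lt $count; $i++) {
                $entry = [IntPtr]::Add($base, $i * $entrySize)
                $owner = $M::ReadIntPtr($entry, [IntPtr]::Size).ToInt64()   # UniqueProcessId follows Object
                if ($Pids -contains $owner) { $out.Add($M::PtrToStructure($entry, [type][Native+HandleEntryEx])) }
            }
            return $out
        } finally { $M::FreeHGlobal($buf) }
    }
}

$holders = @(Get-Process -Name CtxGfx -ErrorAction SilentlyContinue)
if ($holders.Count -eq 0) { Write-Warning 'No CtxGfx.exe is running; log a session on to the VDA and rerun.'; return }

$me = [Native]::GetCurrentProcess()
$opened = @{}   # PID -> PROCESS_DUP_HANDLE handle on that CtxGfx.exe instance
$findings = foreach ($h in Get-HandlesOwnedBy ($holders | ForEach-Object { [int64]$_.Id })) {
    if ($h.GrantedAccess -ne $PROCESS_ALL_ACCESS) { continue }
    $ownerPid = $h.UniqueProcessId.ToInt64()
    if (-not $opened.ContainsKey($ownerPid)) {
        $opened[$ownerPid] = [Native]::OpenProcess($PROCESS_DUP_HANDLE, $false, [uint32]$ownerPid)
    }
    if ($opened[$ownerPid] -eq [IntPtr]::Zero) { continue }
    # Duplicate with query-only rights; GetProcessId returns 0 for anything that is not a process.
    $dup = [IntPtr]::Zero
    if (-not [Native]::DuplicateHandle($opened[$ownerPid], $h.HandleValue, $me, [ref]$dup,
                                       $PROCESS_QUERY_LIMITED_INFORMATION, $false, 0)) { continue }
    try {
        $targetPid = [Native]::GetProcessId($dup)
        if ($targetPid -eq 0) { continue }
        $target = Get-Process -Id $targetPid -ErrorAction SilentlyContinue
        $targetName = if ($target) { $target.ProcessName } else { '<exited>' }
        [pscustomobject]@{
            CtxGfxPid   = $ownerPid
            Handle      = '0x{0:X}' -f $h.HandleValue.ToInt64()
            Inheritable = [bool]($h.HandleAttributes -band 2)
            TargetPid   = $targetPid
            TargetName  = $targetName
        }
    } finally { [void][Native]::CloseHandle($dup) }
}
$opened.Values | ForEach-Object { if ($_ -ne [IntPtr]::Zero) { [void][Native]::CloseHandle($_) } }

$leaks = @($findings | Where-Object { $_.TargetName -ieq 'GfxMgr' })
if ($leaks.Count -gt 0) {
    $leaks | Format-Table -AutoSize
    Write-Warning 'CtxGfx.exe holds a PROCESS_ALL_ACCESS handle onto GfxMgr.exe: the leak behind CVE-2025-6759 is present on this VDA.'
} else {
    'No PROCESS_ALL_ACCESS handle from CtxGfx.exe to GfxMgr.exe found.'
    if ($findings) { $findings | Format-Table -AutoSize }   # other full-access process handles, for review
}
```

A non-empty result after applying the update means the host is still running a vulnerable VDA build or the update did not take effect, so the check doubles as patch verification. The Inheritable column shows whether the handle in CtxGfx.exe is itself marked OBJ_INHERIT, which is how it would propagate to any further child the attacker manages to spawn from it. The script intentionally filters on the exact PROCESS_ALL_ACCESS mask; drop that filter if you want to review every process handle CtxGfx.exe holds onto SYSTEM processes.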
Fix
LPE
Improper Privilege Management
Affected Products
Citrix Virtual Apps/Desktops