聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-4879 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 7.3 | 0.07% | 2025-06-17 | 2025-08-06 |
| CVE-2025-0320 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | 8.6 | 0.07% | 2025-06-17 | 2025-08-06 |
| CVE-2025-1223 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-20 | 2026-04-29 |
| CVE-2025-1222 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-20 | 2026-04-29 |
| CVE-2024-6151 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | 8.5 | 0.16% | 2024-07-10 | 2025-07-25 |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS adminis | 4.4 | 0.17% | 2022-03-10 | 2024-11-21 |
| CVE-2024-5661 | An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | 6.0 | 0.17% | 2024-06-13 | 2024-11-21 |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 5.4 | 0.18% | 2024-09-11 | 2024-10-22 |
| CVE-2023-24486 | A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | 5.5 | 0.18% | 2023-07-10 | 2024-11-21 |
| CVE-2023-24491 | A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | 7.8 | 0.19% | 2023-07-11 | 2024-11-21 |
| CVE-2024-6149 | Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | 4.8 | 0.21% | 2024-07-10 | 2025-07-25 |
| CVE-2023-24485 | Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 | 0.22% | 2023-02-16 | 2025-03-19 |
| CVE-2024-6677 | Privilege escalation in uberAgent | 7.3 | 0.22% | 2024-07-12 | 2025-07-25 |
| CVE-2024-6150 | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning | 4.8 | 0.24% | 2024-07-10 | 2025-07-25 |
| CVE-2025-6759 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | 7.3 | 0.24% | 2025-07-08 | 2025-08-06 |
| CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 7.0 | 0.25% | 2024-09-11 | 2024-10-22 |
| CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 | 0.26% | 2023-02-16 | 2025-03-18 |
| CVE-2023-24483 | A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 | 0.27% | 2023-02-16 | 2025-03-18 |
| CVE-2022-27513 | Remote desktop takeover via phishing | 8.3 | 0.27% | 2022-11-08 | 2024-11-21 |
| CVE-2023-24490 | Users with only access to launch VDA applications can launch an unauthorized desktop | 6.3 | 0.30% | 2023-07-10 | 2024-11-21 |