CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-11634

CVSS 9.8v3.1pub. 2019-05-22upd. 2025-11-06

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Citrix Receiver

    APP
    Citrix
    4.9
  • Citrix Workspace

    APP
    Citrix
    < 1904

CISA KEV — detailsi

Vendori
Citrix
Producti
Workspace Application and Receiver for Windows
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2025-4879HIGH7.3ten sam produkt

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for ...

CVE-2024-7889HIGH7.0ten sam produkt

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for ...

CVE-2024-6286HIGH8.5ten sam produkt

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for...

CVE-2023-24485HIGH7.8ten sam produkt

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations a...

CVE-2022-21825HIGH7.8ten sam produkt

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protect...