Citrix Session Recording Improper Privilege Management Vulnerability
Citrix — Session Recording
- Added to KEV catalog
- 25 August 2025
- Federal remediation due date
- 15 September 2025
- Weakness classification (CWE)
- CWE-269
CISA Description
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068
More Citrix Vulnerabilities
Citrix NetScaler Out-of-Bounds Read Vulnerability
Citrix NetScaler Memory Overflow Vulnerability
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services