Citrix Session Recording Deserialization of Untrusted Data Vulnerability (CVE-2024-8069)
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.
An attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2025-09-15 under CISA BOD 22-01.
This is a Deserialization of Untrusted Data (CWE-502) vulnerability in Citrix Session Recording. Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server Exploitation requires adjacent_network access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2025-08-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2025-09-15.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.