Citrix Session Recording Improper Privilege Management Vulnerability (CVE-2024-8068)
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
An attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2025-09-15 under CISA BOD 22-01.
This is a Improper Privilege Management (CWE-269) vulnerability in Citrix Session Recording. Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain Exploitation requires adjacent_network access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2025-08-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2025-09-15.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.