CVE-2024-8069

CVE Database · CVE-2024-8069

CVE-2024-8069

· HIGHAnalyzed

CVSS v3.1

8.0

CVSS v4.0

5.1

EPSS

14.74%

Published

Nov 12, 2024

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2025-08-25 · Due: 2025-09-15

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCmdiqbalahmad/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502

Affected Products (17)

citrix · session_recording (up to 2407)vulnerable

citrix · session_recordingvulnerable

References (2)

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs