A vulnerability was found in Citrix Virtual Apps and Desktops up to 2502/2402 LTSR CU2. It has been declared as critical. This vulnerability affects unknown code of the component Windows Virtual Delivery Agent for CVAD/DaaS. The manipulation leads to improper privilege management.

This vulnerability was named CVE-2025-6759. An attack has to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.