Citrix Session Recording deserialization vulnerability

Added: 08/27/2025
CVE: CVE-2024-8069

Background

Citrix Session Recording is software for recording and archiving sessions for retrieval and playback.

Problem

Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a specially crafted SOAP request.

Resolution

Apply Citrix Session Recording 2407 hotfix 24.5.200.8, 1912 LTSR CU9 hotfix 19.12.9100.6, 2203 LTSR CU5 hotfix 22.03.5100.11, or 2402 LTSR CU1 hotfix 24.02.1200.16.

References

https://support.citrix.com/external/article?articleUrl=CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069&language=en_US
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/

Platforms

Windows
