PatchSiren cyber security CVE debrief
CVE-2025-66391 Citrix CVE debrief
A vulnerability in Citrix Cloud through 2025-11-10 allows an attacker with read-only access to trigger the beginning of a workflow for write operations. For example, the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account. This issue may impact organizations using Citrix Cloud, particularly those with user accounts that have read-only access. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity.
- Vendor
- Citrix
- Product
- Citrix Cloud
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Administrators and users of Citrix Cloud should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes reviewing and updating Citrix Cloud configurations, monitoring systems for suspicious activity, and implementing additional security measures to prevent unauthorized access. Organizations using Citrix Cloud should verify the affected scope and severity with the vendor and consider the potential impact on their systems.
Technical summary
The vulnerability exists in Citrix Cloud through 2025-11-10. An attacker with read-only access can trigger the beginning of a workflow for write operations. For instance, when an attacker attempts to reset the password of a user account, the system will send a one-time password to an attacker-controlled email address. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. There is no information available about a patch or workaround.
Defensive priority
High
Recommended defensive actions
- Review and update Citrix Cloud configurations to prevent exploitation.
- Monitor Citrix Cloud systems for suspicious activity.
- Implement additional security measures to prevent unauthorized access.
- Verify the affected scope and severity with the vendor.
- Consider the potential impact on systems and user accounts.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T14:17:31.467Z and has not been modified since then. The NVD entry is currently Awaiting Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability exists in Citrix Cloud through 2025-11-10.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:31.467Z and has not been modified since then.