PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-66391 Citrix CVE debrief

A vulnerability in Citrix Cloud through 2025-11-10 allows an attacker with read-only access to trigger the beginning of a workflow for write operations. For example, the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account. This issue may impact organizations using Citrix Cloud, particularly those with user accounts that have read-only access. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity.

Vendor
Citrix
Product
Citrix Cloud
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and users of Citrix Cloud should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes reviewing and updating Citrix Cloud configurations, monitoring systems for suspicious activity, and implementing additional security measures to prevent unauthorized access. Organizations using Citrix Cloud should verify the affected scope and severity with the vendor and consider the potential impact on their systems.

Technical summary

The vulnerability exists in Citrix Cloud through 2025-11-10. An attacker with read-only access can trigger the beginning of a workflow for write operations. For instance, when an attacker attempts to reset the password of a user account, the system will send a one-time password to an attacker-controlled email address. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. There is no information available about a patch or workaround.

Defensive priority

High

Recommended defensive actions

  • Review and update Citrix Cloud configurations to prevent exploitation.
  • Monitor Citrix Cloud systems for suspicious activity.
  • Implement additional security measures to prevent unauthorized access.
  • Verify the affected scope and severity with the vendor.
  • Consider the potential impact on systems and user accounts.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T14:17:31.467Z and has not been modified since then. The NVD entry is currently Awaiting Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability exists in Citrix Cloud through 2025-11-10.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:31.467Z and has not been modified since then.