CVE-2024-8069
Published: 12 November 2024
Summary
CVE-2024-8069 is a medium-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Citrix Session Recording. Its CVSS base score is 5.1 (Medium).
Operationally, it ranks in the top 2.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-8069 is a deserialization vulnerability that permits limited remote code execution under NetworkService account privileges within Citrix Session Recording. The affected component is the session recording server when accessed over the network by an authenticated user.
An attacker who is already an authenticated user on the same intranet as the session recording server can exploit the flaw to run arbitrary code with the limited privileges of the NetworkService account, resulting in partial impacts to confidentiality, integrity, and availability on the affected host.
Citrix has published security bulletin CTX691941 addressing both CVE-2024-8068 and CVE-2024-8069, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog. The associated EPSS score rose from lower values to a peak of 0.6675 before receding to its current level of 0.4829, indicating increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48915
Vulnerability details
Limited remote code execution with the privileges of a NetworkService account in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
- KEV Date Added: 25 August 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly counters the deserialization flaw (CWE-502) by requiring validation of untrusted input before object reconstruction in the Session Recording service.
- SC-7 (Boundary Protection): enforces boundary protection and network segmentation to block adjacent-network access from intranet hosts to the Session Recording server.
- Least privilege for the service account: limits the Citrix service to NetworkService privileges, thereby containing the scope of code execution even if deserialization succeeds.