Citrix has released a security bulletin addressing critical vulnerabilities in XenServer VM Tools for Windows that could allow privilege escalation. Users of affected Windows VMs on XenServer 8.4 and Citrix Hypervisor 8.2 CU1 LTSR should urgently update to version 9.4.1 or later. #CVE-2025-27462 #XenServer #CitrixHypervisor
Key points
- Critical vulnerabilities in XenServer VM Tools for Windows allow privilege escalation.
- The flaws are rated critical for Windows VMs running on XenServer 8.4 and Citrix Hypervisor 8.2 CU1 LTSR.
- Linux guest VMs are not affected by these vulnerabilities.
- Citrix recommends updating to version 9.4.1 or later to mitigate risks.
- Affected VMs can be detected by checking driver versions and by running scripts within VMs and on hosts.
Read More: https://gbhackers.com/xenserver-windows-vm-tools-flaw/