Skip to main content
Skip table of contents

ISN 2025-47: IGEL Citrix Workspace App Package Vulnerability

First published 3 November 2025

CVSS:3.1: 8.3 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Summary

A security vulnerability has been found in the Citrix Workspace App (CWA) package for IGEL OS. This affects the following product versions:

  • IGEL OS 12

Details

A security issue has been found in the IGEL packages for Citrix Workspace App (CWA) released since 2503 Build 2 (17 June 2025): When changing the configuration from an Active Directory user to a local user on OS 12, it is still possible to log in as the Active Directory user via the cached Kerberos passthrough authentication.

Update Instructions

  • OS 12: Update to the Citrix Workspace App (CWA) in version 2505 Build 2 or newer when available from the IGEL App Portal.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close