This message was deleted.

just got this too. didnt 2305 have an issue with cpm with a hot fix out as well?

Yes: https://support.citrix.com/article/CTX559448/hotfix-profilemgmt235100-for-citrix-virtual-apps-and-desktops-2305

The vulnerability doesn't sound very severe from how I read it. Users need to be authorized to launch an unauthorized desktop?

Any PoC to better understand impact?

Well.. if proper lockdown settings are not in place, they could access applications and tools that are not published. So at least in theory this widens the window for other exploits I guess.