Cloud Software Group has issued a security bulletin addressing two critical vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that affect several supported and End-of-Life (EOL) product versions. The flaws, tracked as CVE-2025-5349 and CVE-2025-5777, carry CVSS v4.0 scores of 8.7 and 9.3 respectively; depending on how the appliance is configured, they allow an attacker to bypass access controls on the management interface or to read memory beyond its intended bounds.
The first vulnerability, CVE-2025-5349 (CVSS 8.7), stems from improper access control on the NetScaler Management Interface. Exploitation requires network access to one of the appliance's management addresses: the NSIP (NetScaler IP), the Cluster Management IP, or the local GSLB Site IP.
The advisory describes the issue as “Improper access control on the NetScaler Management Interface” and lists access to those management IPs as a prerequisite for exploitation.
If successfully exploited, an attacker could gain unauthorized access to the administrative interface, potentially allowing them to alter the configuration or extract sensitive information. Keeping the management IPs on an isolated network, which is already recommended practice, reduces exposure but does not remove the need to upgrade.
The second vulnerability, CVE-2025-5777, is more severe with a CVSS score of 9.3, and arises from insufficient input validation. If NetScaler is configured in certain modes—such as VPN virtual server, ICA Proxy, CVPN, RDP Proxy, or AAA virtual server—the vulnerability could be exploited to trigger a memory overread, exposing sensitive memory content.
“Insufficient input validation leading to memory overread… NetScaler must be configured as Gateway or AAA virtual server,” the advisory explains.
This could leak data such as session tokens or configuration secrets. A leaked session token can let an attacker reuse an already authenticated session without knowing the user's credentials, which significantly raises the risk of lateral movement or privilege escalation.
The following versions are affected and should be upgraded immediately:
- NetScaler ADC and Gateway 14.1 BEFORE 14.1-43.56
- NetScaler ADC and Gateway 13.1 BEFORE 13.1-58.32
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235
- NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328
Notably, NetScaler versions 12.1 and 13.0 are now End-of-Life (EOL) and remain vulnerable. Customers using these versions must migrate to supported builds.
The Cloud Software Group urges customers to update to the following fixed versions:
- 14.1-43.56 or later
- 13.1-58.32 or later
- 13.1-FIPS/NDcPP 13.1-37.235 or later
- 12.1-FIPS 12.1-55.328 or later
Additionally, they advise administrators to terminate all active sessions after upgrading: session tokens issued before the fix may already have been exposed through the memory overread, and they remain usable until the sessions are killed.
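The affected-version list above is easy to misread when you have a fleet of appliances on different release lines (14.1, 13.1, 13.1-FIPS/NDcPP, 12.1-FIPS, plus EOL 12.1 and 13.0). The following Python script is an added example, not code from Cloud Software Group or the advisory: it parses the version line that `show ns version` prints and compares the build against the fixed builds listed in this bulletin. It assumes the version line has the form `NS<release>: Build <major>.<minor>`, and it requires the caller to say whether an appliance runs the FIPS/NDcPP line, because the version string alone does not indicate that. The sample outputs at the bottom are constructed, not captured from real appliances.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Minimum fixed builds from the bulletin, keyed by (release line, FIPS/NDcPP or not).
# A build is fixed when its (major, minor) pair is >= the listed pair.
FIXED_BUILDS = {
    ("14.1", False): (43, 56),    # 14.1-43.56
    ("13.1", False): (58, 32),    # 13.1-58.32
    ("13.1", True):  (37, 235),   # 13.1-FIPS / 13.1-NDcPP 13.1-37.235
    ("12.1", True):  (55, 328),   # 12.1-FIPS 12.1-55.328
}

# Release lines the bulletin calls End-of-Life: no fix is published for
# the non-FIPS builds on these lines, so any such build is treated as vulnerable.
EOL_RELEASES = {"12.1", "13.0"}

# Matches the version line printed by `show ns version`, e.g.
# "NetScaler NS14.1: Build 43.50.nc, Date: ...". Assumption (not from the
# advisory): the release and build are always present in this form.
VERSION_RE = re.compile(
    r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)


@dataclass
class Verdict:
    release: str
    build: Tuple[int, int]
    status: str                  # "fixed", "vulnerable", "eol-vulnerable" or "unknown"
    fixed_build: Optional[str]   # minimum fixed build for this line, if one exists


def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    """Extract the release line and (major, minor) build from show ns version output."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no NetScaler version string found in input")
    return m.group("release"), (int(m.group("major")), int(m.group("minor")))


def assess(text: str, fips: bool = False) -> Verdict:
    """Compare a parsed build against the advisory's fixed builds.

    `fips` must be supplied by the caller: the version string alone does not
    reveal whether the appliance runs the FIPS/NDcPP line (assumption).
    """
    release, build = parse_version(text)
    fixed = FIXED_BUILDS.get((release, fips))
    if fixed is None:
        # No fixed build for this line: EOL lines are vulnerable by the
        # bulletin's own statement; anything else is outside its scope.
        status = "eol-vulnerable" if release in EOL_RELEASES else "unknown"
        return Verdict(release, build, status, None)
    # Tuple comparison orders (major, minor) pairs numerically, so 43.56 > 43.50
    # and 58.32 > 58.19 behave as expected (no lexical "43.9" > "43.56" trap).
    status = "fixed" if build >= fixed else "vulnerable"
    return Verdict(release, build, status, f"{release}-{fixed[0]}.{fixed[1]}")


# Constructed sample outputs, not captured from real appliances.
SAMPLES = [
    ("NetScaler NS14.1: Build 43.50.nc, Date: (constructed)", False),
    ("NetScaler NS14.1: Build 43.56.nc, Date: (constructed)", False),
    ("NetScaler NS13.1: Build 37.207.nc, Date: (constructed)", True),
    ("NetScaler NS13.0: Build 92.21.nc, Date: (constructed)", False),
    ("NetScaler NS12.1: Build 55.328.nc, Date: (constructed)", True),
]

if __name__ == "__main__":
    for text, fips in SAMPLES:
        v = assess(text, fips=fips)
        tail = f" (fixed in {v.fixed_build})" if v.fixed_build else ""
        print(f"{v.release}-{v.build[0]}.{v.build[1]:<4} fips={fips!s:<5} -> {v.status}{tail}")
```

Appliances reported as `vulnerable` or `eol-vulnerable` should be upgraded (or migrated off the EOL line) and then have their active sessions cleared, since tokens issued before the fix may already have been read; on the NetScaler CLI, ICA and AAA sessions are terminated with `kill icaconnection -all` and `kill aaa session -all`. Treat any `unknown` result as a prompt to check the bulletin by hand rather than as a clean bill of health.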