CVE-2025-5349 & CVE-2025-5777: Critical Security Bugs in Citrix NetScaler ADC & Gateway


On June 17, 2025, Citrix published a critical security bulletin (CTX693420) about two vulnerabilities, CVE-2025-5349 and CVE-2025-5777, affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The first allows an attacker who can reach the management interface to bypass its access controls; the second is a memory overread on appliances configured as a Gateway or AAA virtual server, which can expose sensitive data held in appliance memory. Customers running affected versions of NetScaler ADC and Gateway are strongly urged to upgrade to the patched builds.

Severity Level: Critical

Vulnerability Details

1. CVE-2025-5349 – Improper Access Control on the NetScaler Management Interface

  • Description: This vulnerability stems from improper access control on the NetScaler Management Interface. Exploitation requires network access to the NSIP, Cluster Management IP, or local GSLB Site IP, so appliances whose management interface is reachable from untrusted networks are at the greatest risk.
  • CVSS Score: 8.7
  • CWE: CWE-284 (Improper Access Control)

2. CVE-2025-5777 – Insufficient Input Validation Leading to Memory Overread

  • Description: This vulnerability arises from insufficient input validation, leading to memory overreads that can leak appliance memory contents to an unauthenticated remote attacker. It is only reachable when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
  • CVSS Score: 9.3
  • CWE: CWE-125 (Out-of-bounds Read)

Affected Products

The following NetScaler ADC and NetScaler Gateway versions are affected by both CVEs:

  • NetScaler ADC and NetScaler Gateway 14.1 before version 14.1-43.56
  • NetScaler ADC and NetScaler Gateway 13.1 before version 13.1-58.32
  • NetScaler ADC 13.1-FIPS and NDcPP before version 13.1-37.235
  • NetScaler ADC 12.1-FIPS before version 12.1-55.328

End of Life (EOL) versions 12.1 and 13.0 are vulnerable, are no longer supported, and will not receive a fix (the separately maintained 12.1-FIPS branch is still supported and is fixed as listed above).
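Checking a fleet of appliances against this version table by hand is error-prone, because the fixed build differs per release line and per branch (standard vs. FIPS/NDcPP). The following Python script is an added example (not code from the advisory or from Citrix): it parses the first line printed by the NetScaler CLI command `show ns version`, whose format is modeled here as "NetScaler NS14.1: Build 43.47.nc, Date: ...", and classifies the appliance as patched, vulnerable, EOL or unknown. The sample output lines are constructed for the example. The build number alone does not reveal whether an appliance runs the FIPS/NDcPP branch, so the caller supplies the branch; the `branch` parameter and its default of "standard" are assumptions of this example.

```python
import re

# Fixed builds listed in the bulletin, keyed by (release, branch).
# The 13.1 "fips" entry also covers 13.1-NDcPP, which is fixed in the same build.
FIXED_BUILDS = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("12.1", "fips"): (55, 328),
}

# Standard 12.1 and 13.0 are end of life: every build is affected and none will be fixed.
EOL_RELEASES = {"12.1", "13.0"}

# Matches the first line of `show ns version`, e.g.
#   NetScaler NS14.1: Build 43.47.nc, Date: ...
VERSION_RE = re.compile(
    r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_show_version(output):
    """Return (release, (build_major, build_minor)) from `show ns version` text, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return m.group("release"), (int(m.group("major")), int(m.group("minor")))


def assess(release, build, branch="standard"):
    """Classify one appliance as 'patched', 'vulnerable', 'eol' or 'unknown'.

    branch is 'standard' or 'fips' (use 'fips' for 13.1-FIPS, 13.1-NDcPP and
    12.1-FIPS). The operator must supply it: defaulting to 'standard' is an
    assumption of this example, not something the version string tells us.
    """
    if branch == "standard" and release in EOL_RELEASES:
        return "eol"
    fixed = FIXED_BUILDS.get((release, branch))
    if fixed is None:
        return "unknown"
    # Tuple comparison orders 43.47 < 43.56 < 47.10 correctly, so a later
    # build line on the same release (e.g. 14.1 build 47.x) counts as fixed.
    return "patched" if build >= fixed else "vulnerable"


def assess_show_version(output, branch="standard"):
    """Convenience wrapper: classify raw `show ns version` output."""
    parsed = parse_show_version(output)
    if parsed is None:
        return "unknown"
    release, build = parsed
    return assess(release, build, branch)


# Constructed sample output lines (not captured from real appliances).
SAMPLES = [
    ("NetScaler NS14.1: Build 43.47.nc, Date: Jan 1 2025, 00:00:00   (64-bit)", "standard"),
    ("NetScaler NS14.1: Build 43.56.nc, Date: Jan 1 2025, 00:00:00   (64-bit)", "standard"),
    ("NetScaler NS13.1: Build 58.32.nc, Date: Jan 1 2025, 00:00:00   (64-bit)", "standard"),
    ("NetScaler NS13.1: Build 37.235.nc, Date: Jan 1 2025, 00:00:00   (64-bit)", "fips"),
    ("NetScaler NS12.1: Build 55.321.nc, Date: Jan 1 2025, 00:00:00   (64-bit)", "fips"),
    ("NetScaler NS13.0: Build 92.21.nc, Date: Jan 1 2024, 00:00:00   (64-bit)", "standard"),
]

if __name__ == "__main__":
    for text, branch in SAMPLES:
        print(f"{branch:8} {text[:34]:34} -> {assess_show_version(text, branch)}")
```

In practice you would feed the script the saved output of `show ns version` from each appliance (for example collected over SSH by your configuration-management tooling) and treat every "vulnerable" and "eol" result as an upgrade task; "unknown" means a release line the bulletin does not list and should be checked by hand rather than assumed safe.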

Recommendations

1. Customers are urged to upgrade to the patched versions. These bugs are fixed in:

  • NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP
  • NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS

2. After upgrading (in an HA pair or cluster, after every member has been upgraded to a fixed build), Citrix recommends running the following commands from the NetScaler CLI to terminate all active ICA and PCoIP sessions on each upgraded appliance:

  • kill icaconnection -all
  • kill pcoipConnection -all

This ensures that no session established before the upgrade survives it, so a session that may have been hijacked while the appliance was vulnerable cannot be reused afterwards. Because it disconnects active users, run it in a maintenance window immediately after the upgrade.

3. Users on EOL versions (12.1, 13.0) should migrate to a supported release (13.1 or 14.1) at a fixed build, since no patch will be issued for the EOL lines.

Source:

  • https://gbhackers.com/citrix-netscaler-adc-gateway-flaws/
  • https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420


Ampcus Cyber