Critical vulnerabilities in Citrix Products


The ASD’s ACSC has issued a critical alert to its subscriber community concerning vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products, with recommendations to update affected products to the latest versions and follow the advice detailed in the Citrix Security Advisory.

Update 4 July 2025

Citrix has identified exploitation of a separate vulnerability (CVE-2025-6543) in the NetScaler ADC and NetScaler Gateway products: a memory overflow caused by insufficient input validation, resulting in unintended control flow and Denial of Service.

Further to the previous patches and advice, organisations with the following NetScaler ADC and NetScaler Gateway products are advised to follow the advice contained in NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 | Citrix:

  1. NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.46
  2. NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.19
  3. NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.236-FIPS and NDcPP

Organisations should report any indications of compromise to ASD’s ACSC via 1300 CYBER1 (1300 292 371) or Report | Cyber.gov.au.

Background / What’s happened?

Citrix has identified the following vulnerabilities affecting NetScaler ADC and NetScaler Gateway products.

  • CVE-2025-5777: Insufficient input validation leading to memory overread, potentially leading to the exposure of sensitive data.

This vulnerability affects NetScaler products configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

  • CVE-2025-5349: Improper access control on the NetScaler Management Interface.

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS

NOTE: Citrix advises that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life (EOL) and not receiving patches.
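Because the fixed builds above differ per release train and variant, and were raised again by the 4 July update, a fleet check is easy to get wrong by comparing build numbers as strings. The following is an added example (not from ASD or Citrix) that parses build strings written the way this bulletin writes them, such as "14.1-43.56" or "13.1-37.235-FIPS", and reports which of the listed fixes a given build is missing; the sample inventory at the bottom is constructed.

```python
"""Assess NetScaler ADC / Gateway build strings against the fixed builds named
in this advisory. Added example; build strings are assumed to be in the form the
bulletin uses ("14.1-43.56", "13.1-37.235-FIPS"), and the samples are constructed."""

# Earliest fixed build per (release train, variant), taken from the advisory text.
FIXED_BUILDS = {
    ("14.1", ""):     {"CVE-2025-5777/5349": "14.1-43.56",       "CVE-2025-6543": "14.1-47.46"},
    ("13.1", ""):     {"CVE-2025-5777/5349": "13.1-58.32",       "CVE-2025-6543": "13.1-59.19"},
    ("13.1", "FIPS"): {"CVE-2025-5777/5349": "13.1-37.235-FIPS", "CVE-2025-6543": "13.1-37.236-FIPS"},
    ("12.1", "FIPS"): {"CVE-2025-5777/5349": "12.1-55.328-FIPS"},
}
EOL_TRAINS = {"12.1", "13.0"}  # non-FIPS 12.1 and 13.0: End Of Life, no patches

def parse_build(s):
    """'13.1-37.235-FIPS' -> ('13.1', (37, 235), 'FIPS'). NDcPP is folded into
    FIPS because the bulletin lists one fixed build for '13.1-FIPS and NDcPP'."""
    parts = s.strip().split("-")
    train = parts[0]
    build = tuple(int(x) for x in parts[1].split("."))
    variant = parts[2].upper() if len(parts) > 2 else ""
    if variant == "NDCPP":
        variant = "FIPS"
    return train, build, variant

def assess(version):
    """Return (status, missing_fixes). status is 'patched' (all fixes the bulletin
    names for this train are present), 'vulnerable', 'eol' (no fix will ship) or
    'unknown' (train/variant not covered by the bulletin)."""
    train, build, variant = parse_build(version)
    fixes = FIXED_BUILDS.get((train, variant))
    if fixes is None:
        if train in EOL_TRAINS and variant == "":
            return "eol", sorted({c for f in FIXED_BUILDS.values() for c in f})
        return "unknown", []
    # Tuple comparison orders (47, 46) after (43, 56) numerically; comparing the
    # raw strings would not ("47.46" < "9.1" as text).
    missing = [cve for cve, fixed in fixes.items() if build < parse_build(fixed)[1]]
    return ("vulnerable" if missing else "patched"), missing

if __name__ == "__main__":
    # Constructed sample inventory, as it might come from an asset register.
    for v in ["14.1-43.56", "14.1-47.46", "13.1-37.235-NDcPP", "13.0-92.21", "12.1-55.328-FIPS"]:
        print(v, *assess(v))
```

A build that was current after the June bulletin (14.1-43.56) is reported as still missing the CVE-2025-6543 fix, which is the case the July update is about.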
