
June 25, 2025

Citrix addresses NetScaler vulnerabilities


On June 17, 2025, Citrix addressed two vulnerabilities in NetScaler application delivery controller (ADC) and NetScaler Gateway.

One of the vulnerabilities, tracked as CVE-2025-5777, is rated as Critical and mirrors a previously exploited 2023 vulnerability known as CitrixBleed (CVE-2023-4966). The issue has been assigned a Common Vulnerability Scoring System (CVSS) score of 9.3 out of 10.

CVE-2025-5777 could allow a remote, unauthenticated user to read memory from NetScaler devices that are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an Authentication, Authorization, and Accounting (AAA) virtual server.

The vulnerability may lead to the exposure of sensitive memory content, including session tokens, which could be used to bypass authentication even with multifactor authentication enabled. Exploitation requires no authentication or user interaction and can be executed remotely over the network.

The second flaw, CVE-2025-5349, while less severe, still poses a risk through improper access control on the NetScaler Management Interface. The issue could allow unauthorized access to critical system components.

The vulnerability was assigned a high-severity CVSS base score of 8.7.

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by these vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56;
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32;
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP; and
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS.

Citrix noted that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now end-of-life and not receiving updates.
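Because the affected ranges above are defined as "everything before a given build on each train", an inventory check has to compare build numbers numerically rather than as strings (for instance, 13.1-58.9 is older than the fixed 13.1-58.32 even though it sorts later as text). The following checker is an added example and is not code from Citrix or from this article; it assumes build strings in the advisory's own notation (e.g. "14.1-43.56", "13.1-37.235-FIPS"), optionally prefixed with "NS", and the inventory it runs over is constructed for illustration.

```python
"""Classify NetScaler ADC / Gateway build strings against the fixed builds
listed in the Citrix advisory for CVE-2025-5777 and CVE-2025-5349."""

import re
from typing import NamedTuple, Tuple


class Build(NamedTuple):
    release: str             # release train, e.g. "14.1"
    variant: str             # "", "FIPS" or "NDcPP"
    number: Tuple[int, int]  # (build, sub-build) as integers, e.g. (43, 56)


# First fixed build per (train, variant), taken from the advisory's list.
# Anything numerically BEFORE it on the same train is affected. The advisory
# gives one fixed build (13.1-37.235) for both 13.1-FIPS and 13.1-NDcPP.
FIXED_BUILDS = {
    ("14.1", ""): (43, 56),
    ("13.1", ""): (58, 32),
    ("13.1", "FIPS"): (37, 235),
    ("13.1", "NDcPP"): (37, 235),
    ("12.1", "FIPS"): (55, 328),
}

# Trains the advisory states are end-of-life: no fixed build exists for them.
END_OF_LIFE = {("12.1", ""), ("13.0", "")}

# Assumed input format: advisory notation with an optional "NS" prefix.
BUILD_RE = re.compile(
    r"^(?:NS)?(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE
)
VARIANTS = {"fips": "FIPS", "ndcpp": "NDcPP"}


def parse_build(text: str) -> Build:
    """Parse '14.1-43.56' / '13.1-37.235-FIPS' style strings into a Build."""
    m = BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {text!r}")
    release, build, sub, variant = m.groups()
    normalised_variant = VARIANTS[variant.lower()] if variant else ""
    return Build(release, normalised_variant, (int(build), int(sub)))


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed', 'end-of-life' or 'unknown' for one build."""
    b = parse_build(text)
    key = (b.release, b.variant)
    if key in END_OF_LIFE:
        return "end-of-life"
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        # Train/variant combination not listed in the advisory; check manually.
        return "unknown"
    # Tuple comparison is numeric: (58, 9) < (58, 32), unlike string compare.
    return "vulnerable" if b.number < fixed else "fixed"


def assess_inventory(builds):
    """Map each build string in an inventory to its classification."""
    return {b: assess(b) for b in builds}


if __name__ == "__main__":
    # Constructed sample inventory (not real devices).
    sample_inventory = [
        "14.1-43.56",
        "14.1-43.50",
        "13.1-58.9",
        "13.1-37.235-NDcPP",
        "12.1-55.300-FIPS",
        "NS13.0-92.21",
    ]
    for build, verdict in assess_inventory(sample_inventory).items():
        print(f"{build:24} {verdict}")
```

Devices classified "unknown" are on a train/variant pairing the advisory does not list and should be checked against the advisory by hand; "end-of-life" devices have no fixed build to upgrade to and need migration to a supported train.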


Analyst notes:

Although no exploitation has been reported at the time of writing, the broader risk lies in the historical pattern of threat actors rapidly weaponizing Citrix vulnerabilities. Organizations should review their networks for vulnerable instances of the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products, and consult Citrix's security advisory for mitigation advice.

Note that Citrix recommends upgrading to the patched versions and terminating active ICA and PCoIP sessions post-upgrade to invalidate any potentially compromised tokens. This advice only applies to customer-managed NetScaler ADC and NetScaler Gateway. Cloud Software Group upgrades the Citrix-managed cloud services and Citrix-managed Adaptive Authentication with the necessary software updates.

Customers using end-of-life versions (12.1 and 13.0) are strongly advised to migrate to supported build versions.