Citrix Netscaler ADC: Critical vulnerabilities, update urgently

[German]Various German blog readers have informed me that Citrix has published several security advisories on critical vulnerabilities in NetScaler ADC (and NetScaler Gateway, and the Citrix Secure Access Client for Windows) as of June 17, 2025. Administrators are asked to update the affected products to the fixed versions as soon as possible.

NetScaler ADC and NetScaler Gateway vulnerabilities

The following vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have become public.

CVE-2025-5349: NetScaler management interface

CVE-2025-5349 (CVSS 8.7) is an Improper Access Control vulnerability in the NetScaler management interface. An attacker with network access to the NetScaler IP (NSIP), the Cluster Management IP or a local GSLB Site IP can gain unauthorized access to the management interface. The prerequisite for a successful attack is therefore network reachability of these addresses, which is a reminder that the management interfaces should never be exposed beyond a dedicated management network.

CVE-2025-5777: NetScaler as Gateway

With CVE-2025-5777 (CVSS 9.3), NetScaler ADC and NetScaler Gateway are affected by insufficient input validation that leads to a read outside the permitted memory region (memory overread). An unauthenticated attacker can use this to read memory contents of the appliance.

NetScaler systems that are configured as a gateway (e.g. VPN vServer, ICA Proxy, clientless VPN (CVPN), RDP Proxy) or as an AAA vServer are affected. A successful attack can lead to sensitive data being read out of the appliance's memory.

CVE-2025-0320 Citrix Secure Access Client for Windows

There is also CVE-2025-0320 in the Citrix Secure Access Client for Windows, which has been rated High with a CVSS of 8.6. This Local Privilege Escalation vulnerability allows a user with low privileges to obtain SYSTEM privileges via the Citrix Secure Access Client for Windows.

Citrix security advisories and affected versions

The vulnerabilities affect NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-43.56, 13.1 before 13.1-58.32 and various FIPS versions (see the bulletin for the exact FIPS and NDcPP builds). Important: the older branches 12.1 and 13.0 are end-of-life (EOL) and no longer receive security updates, so appliances on those versions must be migrated to a supported branch rather than waiting for a fix.

The recommended action from Citrix is to update immediately to the patched versions (14.1-43.56 and 13.1-58.32 for the mainline branches). After the update, all active ICA and PCoIP sessions on all NetScaler appliances should be terminated, because sessions established while the vulnerability was present could otherwise continue to be used. A reader sent me a link to the article Citrix NetScaler ADC and Gateway Vulnerabilities Allow Attackers to Access Sensitive Data, where you can find an overview.
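As a worked example of the version check described above (added here, not code from Citrix or from the original post): the script below parses the first line of the NetScaler CLI's `show ns version` output, compares the build against the fixed builds named on this page for the 14.1 and 13.1 branches, flags the EOL branches 12.1 and 13.0, and prints the two session-termination commands from the Citrix bulletin that are to be run on the appliance CLI after updating. The host names and version lines in SAMPLE_INVENTORY are constructed; FIPS/NDcPP builds are not encoded because the page does not list them, so such a build is conservatively reported as vulnerable and must be checked against CTX693420 by hand.

```python
import re
from typing import Dict, NamedTuple, Optional, Tuple

# Fixed builds as named on this page / in CTX693420 for the two supported
# mainline branches. FIPS and NDcPP builds have their own fixed versions,
# which this page does not list, so they are deliberately not encoded here.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (43, 56),   # 14.1-43.56
    "13.1": (58, 32),   # 13.1-58.32
}

# Branches the page names as end-of-life: no fix will be published.
EOL_BRANCHES = {"12.1", "13.0"}

# Post-update step from the bulletin: drop all ICA and PCoIP sessions on
# every appliance (NetScaler CLI syntax, to be typed on the appliance).
POST_UPDATE_COMMANDS = [
    "kill icaconnection -all",
    "kill pcoipConnection -all",
]


class NsVersion(NamedTuple):
    branch: str              # e.g. "14.1"
    build: Tuple[int, int]   # e.g. (43, 56)


# Matches the first line of `show ns version`, e.g.
# "NetScaler NS14.1: Build 43.56.nc, Date: ..." (the ".nc" suffix is ignored).
_VERSION_RE = re.compile(r"NetScaler\s+NS(\d+\.\d+):\s+Build\s+(\d+)\.(\d+)")


def parse_ns_version(show_version_output: str) -> Optional[NsVersion]:
    """Extract branch and build from `show ns version` output; None if unparseable."""
    m = _VERSION_RE.search(show_version_output)
    if m is None:
        return None
    return NsVersion(m.group(1), (int(m.group(2)), int(m.group(3))))


def assess(version: NsVersion) -> str:
    """Return 'fixed', 'vulnerable', 'eol' or 'unknown' for a parsed version.

    Any build below the fixed build of its branch is reported as vulnerable.
    This is conservative: a 13.1-FIPS build (not listed on this page) would
    also be flagged and must be checked against the bulletin by hand.
    """
    if version.branch in EOL_BRANCHES:
        return "eol"
    fixed = FIXED_BUILDS.get(version.branch)
    if fixed is None:
        return "unknown"
    return "fixed" if version.build >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> verdict for a dict of host -> `show ns version` output."""
    verdicts: Dict[str, str] = {}
    for host, output in inventory.items():
        version = parse_ns_version(output)
        verdicts[host] = assess(version) if version else "unparsed"
    return verdicts


# Constructed sample inventory (hypothetical host names; the version lines
# follow the `show ns version` format, the dates are made up).
SAMPLE_INVENTORY = {
    "ns-edge-1": "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025, 13:46:44   (64-bit)",
    "ns-edge-2": "NetScaler NS14.1: Build 43.50.nc, Date: Apr 22 2025, 09:12:05   (64-bit)",
    "ns-dc-1":   "NetScaler NS13.1: Build 58.32.nc, Date: Jun 10 2025, 13:21:17   (64-bit)",
    "ns-legacy": "NetScaler NS13.0: Build 92.21.nc, Date: Dec 13 2023, 11:02:30   (64-bit)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {verdict}")
    print("After updating each affected appliance, run on its CLI:")
    for cmd in POST_UPDATE_COMMANDS:
        print("  " + cmd)
```

In practice the inventory would be filled from an SSH run of `show ns version` against each appliance; the verdicts "vulnerable" and "eol" are the ones that need action, and "unknown" or "unparsed" means the check could not be made and the appliance has to be looked at manually.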

Citrix itself has published the following security advisories with further details (see this comment).

  • CTX693420 (NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777)
  • CTX694718 (Citrix Workspace app for Windows Security Bulletin for CVE-2025-4879)
  • CTX694724 (Citrix Secure Access Client for Windows Security Bulletin for CVE-2025-0320)

In addition, a reader pointed out CTX694729 (NetScaler Console and NetScaler SDX (SVM), CVE-2025-4365) – he received it by e-mail from Citrix.
