Citrix Patches Critical Vulnerabilities in NetScaler ADC and Gateway Amid “CitrixBleed” Fears

Wednesday, June 25, 2025

Citrix has released critical security patches for vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products, addressing serious flaws including CVE-2025-5777, which carries a CVSS score of 9.3. This vulnerability is classified as an out-of-bounds read, resulting from insufficient input validation. It allows attackers to craft specially designed requests to read memory contents from the device, potentially stealing active session tokens. The nature of the exploit closely resembles the notorious “CitrixBleed” (CVE-2023-4966) vulnerability that previously caused widespread impact.

Another high-severity vulnerability, CVE-2025-5349 (CVSS 8.7), involves improper access control. Both flaws affect multiple versions of NetScaler ADC and Gateway, specifically:

  • Version 14.1 before 14.1-43.56
  • Version 13.1 before 13.1-58.32
  • FIPS and NDcPP versions prior to patched releases
  • Versions 13.0 and 12.1, which have already reached end-of-life (EOL)

Citrix strongly urges all users to upgrade to the latest supported versions as soon as possible to prevent exploitation.
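The version list above is the check an administrator has to make on every appliance. The script below is an added example (not Citrix's own tooling and not from the Dark Reading article): it parses the banner printed by the NetScaler CLI command "show ns version" and classifies each appliance against the fixed builds stated on this page. The banner format "NetScaler NS14.1: Build 43.56.nc, ..." is assumed from the documented CLI output, the sample banners are constructed, and only the two mainline branches named here are encoded; FIPS and NDcPP builds use their own build numbering, so they are deliberately flagged for manual review rather than compared.

```python
import re
from typing import Dict, List, Optional, Tuple

# First fixed build per mainline branch, as stated on the page (14.1-43.56, 13.1-58.32).
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (43, 56),
    "13.1": (58, 32),
}

# Branches the page reports as end-of-life: no fixed build exists, upgrade the branch.
EOL_BRANCHES = {"13.0", "12.1"}

# Matches the "show ns version" banner, e.g. "NetScaler NS14.1: Build 43.56.nc, Date: ...".
# Assumption: branch and build are separated by ": Build " and the build is "major.minor".
VERSION_RE = re.compile(r"NetScaler\s+NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")

# Substrings that mark FIPS / NDcPP images; their build numbers are not comparable
# with the mainline fixed builds, so they are reported for manual review.
SPECIAL_EDITION_MARKERS = ("FIPS", "NDcPP")


def parse_version(banner: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build_major, build_minor)) or None if the banner is unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(banner: str) -> str:
    """Classify one banner: patched, vulnerable, eol, review (FIPS/NDcPP) or unknown."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    if any(marker in banner for marker in SPECIAL_EDITION_MARKERS):
        return "review"
    branch, build = parsed
    if branch in EOL_BRANCHES:
        return "eol"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown"
    # Tuple comparison handles build 43.56 vs 43.7 correctly (numeric, not lexical).
    return "patched" if build >= fixed else "vulnerable"


def triage(banners: List[str]) -> Dict[str, List[str]]:
    """Group banners by status so the vulnerable and EOL appliances stand out."""
    groups: Dict[str, List[str]] = {}
    for banner in banners:
        groups.setdefault(assess(banner), []).append(banner)
    return groups


# Constructed sample output; not captured from any real appliance.
SAMPLE_BANNERS = [
    "NetScaler NS14.1: Build 43.56.nc, Date: constructed",
    "NetScaler NS14.1: Build 29.72.nc, Date: constructed",
    "NetScaler NS13.1: Build 58.32.nc, Date: constructed",
    "NetScaler NS13.1: Build 51.15.nc, Date: constructed",
    "NetScaler NS13.1: Build 37.200.nc (FIPS), Date: constructed",
    "NetScaler NS13.0: Build 92.21.nc, Date: constructed",
    "not a netscaler banner",
]

if __name__ == "__main__":
    for status, items in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"[{status}]")
        for item in items:
            print(f"  {item}")
```

In practice the banners come from "show ns version" collected over SSH or from the NITRO API for each appliance; an appliance that lands in "vulnerable" or "eol" needs the upgrade, and a "review" result means checking the build against the advisory's FIPS/NDcPP table by hand.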

To further secure systems after patching, Citrix recommends that administrators run the commands kill icaconnection -all and kill pcoipConnection -all to terminate all active sessions on HA or clustered NetScaler systems. This precaution reduces the risk of session hijacking by attackers leveraging stolen tokens.

NetScaler vulnerabilities have been frequent targets for malicious actors in recent years, especially zero-day flaws like CVE-2023-4966, which prompted emergency alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Organizations using NetScaler ADC or Gateway should immediately verify their software versions and apply all necessary patches to safeguard their infrastructure.

Source: https://www.darkreading.com/vulnerabilities-threats/citrix-patches-vulns-netscaler-adc-gateway