Critical Vulnerabilities Found in Citrix NetScaler ADC and Gateway Products; Immediate Updates Urged

Critical Vulnerabilities in Citrix NetScaler ADC and Gateway Expose Sensitive Data

Cloud Software Group has recently identified two critical security vulnerabilities in their NetScaler ADC and NetScaler Gateway products, formerly known as Citrix ADC and Gateway. These vulnerabilities, designated as CVE-2025-5349 and CVE-2025-5777, pose significant risks by potentially allowing unauthorized access to sensitive data and compromising network security.

Details of the Vulnerabilities:

1. CVE-2025-5349: This vulnerability arises from improper access control mechanisms within the NetScaler Management Interface. With a CVSS score of 8.7, it is considered critical. Exploitation requires access to specific IP addresses, including the Network Services IP (NSIP), Cluster Management IP, or local Global Server Load Balancing (GSLB) Site IP.

2. CVE-2025-5777: This issue stems from insufficient input validation, leading to memory overread conditions. It carries a CVSS score of 9.3, indicating a higher severity level. This vulnerability affects NetScaler systems configured as Gateway services, such as VPN virtual servers, ICA Proxy, Citrix Virtual Private Network (CVPN), Remote Desktop Protocol (RDP) Proxy, or Authentication, Authorization, and Accounting (AAA) virtual servers.

Affected Versions:

The vulnerabilities impact several versions of NetScaler products:

– NetScaler ADC and Gateway versions 14.1 before 14.1-43.56

– Version 13.1 before 13.1-58.32

– Various FIPS-compliant versions

Notably, NetScaler versions 12.1 and 13.0 have reached End of Life (EOL) status and remain vulnerable without available security patches. Organizations utilizing Secure Private Access on-premises or hybrid deployments with NetScaler instances are also at risk and should prioritize system upgrades. Customers using Citrix-managed cloud services receive automatic updates from Cloud Software Group.

Recommended Actions:

Cloud Software Group strongly advises affected customers to install the updated versions immediately. The patched versions include:

– NetScaler ADC and Gateway 14.1-43.56

– Version 13.1-58.32

– Corresponding FIPS-compliant updates

After upgrading, administrators should execute specific commands to terminate all active ICA and PCoIP sessions across all NetScaler appliances in high-availability pairs or clusters. This step ensures comprehensive protection against potential exploitation attempts.
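As an added triage example (not from the article and not Cloud Software Group's code), the following Python script compares NetScaler version banners from a fleet against the fixed builds listed above and flags the EOL branches. It assumes `show ns version` prints a banner of the form `NetScaler NS14.1: Build 43.50.nc, ...`, and the inventory it scans is constructed sample data; the post-upgrade session-kill commands are the NetScaler CLI commands as I recall them from the vendor bulletin and should be confirmed there.

```python
import re

# First fixed build per branch, from the advisory summary above (branch -> (major, minor)).
FIXED_BUILDS = {"14.1": (43, 56), "13.1": (58, 32)}
# Branches the advisory lists as End of Life: no patch exists, so they stay exposed.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed shape of the `show ns version` banner, e.g. "NetScaler NS14.1: Build 43.50.nc, Date: ...".
VERSION_RE = re.compile(r"NetScaler NS(?P<branch>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)")

# NetScaler CLI commands for the post-upgrade step as recalled from the vendor bulletin
# (confirm there); they drop every active ICA and PCoIP session on the appliance.
POST_UPGRADE_COMMANDS = ("kill icaconnection -all", "kill pcoipConnection -all")


def parse_version(banner):
    """Return (branch, (major, minor)) from a version banner, or raise ValueError."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised NetScaler version banner: %r" % banner)
    return m.group("branch"), (int(m.group("major")), int(m.group("minor")))


def assess(banner):
    """Classify one appliance: 'patched', 'vulnerable', 'eol' or 'unlisted-branch'."""
    branch, build = parse_version(banner)
    if branch in EOL_BRANCHES:
        return "eol"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unlisted-branch"
    # Tuple comparison orders (43, 50) below (43, 56), so 14.1-43.50 is flagged.
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Map hostname -> status for a dict of hostname -> banner."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory; hostnames and banners are made up for this example.
SAMPLE_INVENTORY = {
    "ns-edge-01": "NetScaler NS14.1: Build 43.50.nc, Date: May 1 2025",
    "ns-edge-02": "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025",
    "ns-lab-01": "NetScaler NS13.1: Build 58.32.nc, Date: Jun 10 2025",
    "ns-legacy-01": "NetScaler NS13.0: Build 92.21.nc, Date: Jan 5 2024",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(host, status)
    print("after upgrading, run on every node of each HA pair/cluster:", *POST_UPGRADE_COMMANDS)
```

FIPS and NDcPP builds carry their own build numbers that this article does not list, so a 13.1 FIPS appliance would be misreported by this comparison and must be checked against the vendor bulletin by hand.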

Discovery and Disclosure:

These vulnerabilities were identified through responsible disclosure by security researchers from Positive Technologies and ITA MOD CERT (CERTDIFESA). They collaborated with Cloud Software Group to safeguard customers prior to public disclosure.

Conclusion:

Organizations operating NetScaler infrastructure should prioritize these updates due to the critical nature of these vulnerabilities. Failure to address these issues promptly could lead to unauthorized access to sensitive corporate data and network resources.