Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers

Two critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. 

The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively.

Summary of the Vulnerability

CVE ID          Description                                        CVSS v4.0 Base Score
CVE-2025-5349   Improper access control on Management Interface    8.7
CVE-2025-5777   Insufficient input validation, memory overread     9.3
  • CVE-2025-5349: This vulnerability involves improper access control on the NetScaler Management Interface. An attacker with access to the Network Services IP (NSIP), Cluster Management IP, or local Global Server Load Balancing (GSLB) Site IP could exploit this flaw to gain unauthorized access to critical management functions.
  • CVE-2025-5777: This more severe vulnerability is due to insufficient input validation, leading to memory overread. It affects systems configured as Gateway services, such as VPN virtual servers, ICA Proxy, Citrix Virtual Private Network (CVPN), Remote Desktop Protocol (RDP) Proxy, or Authentication, Authorization, and Accounting (AAA) virtual servers. Successful exploitation could allow attackers to read sensitive memory contents, including credentials and configuration data.

Affected Versions

The following versions are vulnerable and require immediate attention:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS

Organizations running affected NetScaler ADC and Gateway deployments are at risk of unauthorized access and data leakage.

The vulnerabilities can be exploited remotely, and there is significant potential for attackers to compromise sensitive corporate data and network resources. 

Secure Private Access on-premises and hybrid deployments using NetScaler are also impacted.

Mitigation Steps

  • Upgrade to NetScaler ADC and Gateway 14.1-43.56 or later, 13.1-58.32 or later, or the corresponding FIPS-compliant releases.
  • After upgrading, administrators should run the following commands to terminate all active ICA and PCoIP sessions:

        kill icaconnection -all
        kill pcoipConnection -all

  • Customers using Citrix-managed cloud services are automatically updated.
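As an added example (not code from the advisory, Citrix or the researchers), the helper below checks a NetScaler version string against the fixed builds listed under Affected Versions, so an administrator can triage a fleet before and after the upgrade step. The sample version strings are constructed, and the "NetScaler NS14.1: Build 43.56.nc" shape of `show ns version` output is an assumption about the CLI format.

```python
import re
from typing import Optional, Tuple

# Fixed builds from the advisory summarised above, keyed by (branch, is_fips).
# FIPS / NDcPP builds are tracked separately because their build numbering
# differs from the mainline releases of the same branch.
FIXED_BUILDS = {
    ("14.1", False): ((43, 56), "14.1-43.56"),
    ("13.1", False): ((58, 32), "13.1-58.32"),
    ("13.1", True): ((37, 235), "13.1-37.235-FIPS/NDcPP"),
    ("12.1", True): ((55, 328), "12.1-55.328-FIPS"),
}

# Matches "14.1-43.56", "13.1-37.235-FIPS" and the assumed CLI form
# "NetScaler NS14.1: Build 43.56.nc" (all sample strings are constructed).
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<branch>\d+\.\d+)[-:]\s*(?:Build\s+)?(?P<build>\d+)\.(?P<sub>\d+)",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int], bool]]:
    """Return (branch, (build, subbuild), is_fips), or None if unparseable.

    FIPS/NDcPP detection relies on the marker being present in the string;
    a bare build number is treated as a mainline release.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    lowered = text.lower()
    is_fips = "fips" in lowered or "ndcpp" in lowered
    return m.group("branch"), (int(m.group("build")), int(m.group("sub"))), is_fips


def assess(text: str) -> str:
    """Classify a version string as patched, vulnerable, review or unknown."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown: could not parse version string"
    branch, build, is_fips = parsed
    key = (branch, is_fips)
    if key not in FIXED_BUILDS:
        # Branches without a listed fixed build (e.g. 13.0) need manual review.
        variant = " FIPS/NDcPP" if is_fips else ""
        return f"review: branch {branch}{variant} has no listed fixed build"
    fixed, label = FIXED_BUILDS[key]
    if build < fixed:
        return f"vulnerable: {branch}-{build[0]}.{build[1]} is before {label}"
    return f"patched: {branch}-{build[0]}.{build[1]} is at or above {label}"
```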

These vulnerabilities were responsibly disclosed by security researchers from Positive Technologies and ITA MOD CERT (CERTDIFESA), who worked with Citrix’s parent company, Cloud Software Group, to ensure a coordinated and timely response before public disclosure.

Given the critical nature of these vulnerabilities and the potential for severe breaches, organizations are strongly advised to prioritize patching and follow the recommended mitigation steps without delay.
