CERT-EU - Severe Vulnerabilities in Citrix Products

Published 2 weeks ago

On 17 June 2025, Citrix released an advisory addressing two high severity vulnerabilities in NetScaler ADC and NetScaler Gateway [1].

It is recommended to update affected assets as soon as possible.

The first vulnerability, with a CVSS score of 9.3, is due to insufficient input validation leading to a memory overread. To be exploitable, NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.

The second vulnerability, with a CVSS score of 8.7, is due to improper access control on the NetScaler Management Interface. To exploit this vulnerability, an attacker needs access to the NSIP address, the Cluster Management IP or the local GSLB Site IP.

The following products are affected [1]:

Note: NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are End Of Life (EOL) and are vulnerable.
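As an added triage example (not part of the CERT-EU advisory or Citrix's own tooling), the following Python checks a NetScaler running configuration for the Gateway or AAA virtual servers that the memory-overread issue requires, and flags the EOL version trains named above. The sample configuration lines and version string are constructed, and the "NetScaler NS<major>: Build ..." format of the version output is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample in the style of `show ns runningConfig` output
# (hypothetical object names and addresses).
SAMPLE_CONFIG = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add vpn vserver vpn_gw SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add lb vserver web_lb HTTP 203.0.113.12 80
"""

# Version trains the advisory lists as End Of Life and vulnerable.
EOL_MAJOR_VERSIONS = {"12.1", "13.0"}

# Configuration objects that satisfy the precondition for the
# memory-overread issue: a Gateway (VPN) or an AAA virtual server.
GATEWAY_OR_AAA_PATTERNS = {
    "vpn vserver": re.compile(r"^add vpn vserver\s+(\S+)"),
    "authentication vserver": re.compile(r"^add authentication vserver\s+(\S+)"),
}


def exposed_vservers(config_text: str) -> Dict[str, List[str]]:
    """Return the Gateway/AAA virtual servers defined in a running config."""
    found: Dict[str, List[str]] = {}
    for line in config_text.splitlines():
        for kind, pattern in GATEWAY_OR_AAA_PATTERNS.items():
            match = pattern.match(line.strip())
            if match:
                found.setdefault(kind, []).append(match.group(1))
    return found


def is_eol_version(version_output: str) -> bool:
    """True if the version output names an EOL train (assumed 'NS13.0' style)."""
    match = re.search(r"NS(\d+\.\d+)", version_output)
    return bool(match) and match.group(1) in EOL_MAJOR_VERSIONS


def triage(version_output: str, config_text: str) -> Dict[str, object]:
    """Summarise exposure: EOL train and whether the Gateway/AAA precondition holds."""
    vservers = exposed_vservers(config_text)
    return {
        "eol_version": is_eol_version(version_output),
        "gateway_or_aaa_configured": bool(vservers),
        "vservers": vservers,
    }
```

Appliances that are not on an EOL train still need their build compared against the fixed builds in the Citrix bulletin [1], which this check does not do.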

It is recommended to update as soon as possible to the latest version of NetScaler ADC and NetScaler Gateway.

Additionally, Citrix recommends running the following commands to terminate all active ICA and PCoIP sessions after all NetScaler appliances in the HA pair or cluster have been upgraded to the fixed builds:

    kill icaconnection -all
    kill pcoipConnection -all

[1] https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777
