Just fixed that sketchy Citrix NetScaler bug, make sure you update ASAP! (CVE-2025-5777)

Customers using unsupported versions of NetScaler ADC and NetScaler Gateway, specifically versions 12.1 and 13.0, are advised to transition to updated versions due to identified vulnerabilities.

CVE-2025-5777 stems from insufficient input validation and results in an out-of-bounds read. As with CitrixBleed (CVE-2023-4966), an unauthenticated attacker could send crafted requests to an exposed NetScaler device, read valid session tokens from its memory, and use them to bypass security controls.

Following the updates, customers are advised to end active ICA and PCoIP sessions to render potentially compromised tokens ineffective.

Citrix successfully addressed a significant security flaw (CVE-2025-5777) in NetScaler ADC and Gateway, reminiscent of the notorious CitrixBleed vulnerability. Another vulnerability (CVE-2025-5349) arising from flawed access controls on the NetScaler Management Interface has also been rectified.

Notably, Secure Private Access on-premises and hybrid deployments that rely on NetScaler instances are also affected, which makes it important to apply the recommended updates promptly.

Historically, threat actors have swiftly targeted vulnerabilities in Citrix NetScaler ADC, underlining the critical need for rapid response to secure systems.

“Discontinuing sessions is the recommended course of action instead of rebooting appliances,” emphasized Anil Shetty, Senior VP of Engineering at NetScaler. For clustered setups, session termination commands should be executed on each node. In cases of high-availability pairs, running the commands on the primary active node suffices, added Shetty.

The identified risks mainly concern customer-managed devices susceptible to potential attacks. While there have been no reports of active exploitation, users are strongly urged to update to the latest software versions and terminate ongoing sessions.

The security loophole identified can be exploited remotely without requiring special permissions or user input, impacting NetScaler devices configured as Gateways or Authentication, Authorization, and Accounting servers.
