Advisory 88

Advisory 88: Critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products

Release Date: 26th of June 2025

Impact: HIGH / CRITICAL

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.

This alert is relevant to organizations that use the above products. It is intended for technical users and systems administrators.

What is it?

Citrix has identified the following vulnerabilities affecting the NetScaler ADC and NetScaler Gateway products.

  • CVE-2025-5777: Insufficient input validation leading to memory overread, which may expose sensitive data.
    This vulnerability affects NetScaler products configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
  • CVE-2025-5349: Improper access control on the NetScaler Management Interface.
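
To check whether an appliance has the configuration listed under CVE-2025-5777, the following added example (not part of the CERTVU advisory or of Citrix's tooling) scans a saved copy of the appliance configuration file, `ns.conf`, for Gateway and AAA virtual servers. It assumes the standard `add vpn vserver` and `add authentication vserver` command syntax; the function name and the sample configuration are constructed for illustration.

```python
import shlex

# ns.conf commands that create the virtual-server types the advisory lists
# for CVE-2025-5777 (Gateway covers VPN, ICA Proxy, CVPN and RDP Proxy).
EXPOSED_TYPES = {"vpn": "Gateway", "authentication": "AAA"}

# Constructed sample configuration, not taken from a real appliance.
SAMPLE_NS_CONF = """\
# constructed sample
add lb vserver web_lb HTTP 192.0.2.20 80
add vpn vserver "Remote Access GW" SSL 203.0.113.10 443 -downStateFlush DISABLED
add authentication vserver aaa_vs SSL 0.0.0.0
bind vpn vserver "Remote Access GW" -policy pol_ldap -priority 100
"""

def find_exposed_vservers(ns_conf_text):
    """Return one dict per Gateway or AAA virtual server defined in ns.conf."""
    findings = []
    for lineno, raw in enumerate(ns_conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # virtual server names may be quoted
        except ValueError:
            continue  # unbalanced quote: not a command we can interpret
        if len(tokens) < 4 or tokens[0] != "add" or tokens[2] != "vserver":
            continue  # only "add <type> vserver ..." defines a virtual server
        role = EXPOSED_TYPES.get(tokens[1])
        if role is None:
            continue  # e.g. "add lb vserver" is outside the advisory's scope
        # Positional arguments (name, protocol, IP, port) precede the -options.
        positional = []
        for tok in tokens[3:]:
            if tok.startswith("-"):
                break
            positional.append(tok)
        name, proto, ip, port = (positional + [None] * 4)[:4]
        findings.append({"line": lineno, "role": role, "name": name,
                         "protocol": proto, "ip": ip, "port": port})
    return findings

if __name__ == "__main__":
    for f in find_exposed_vservers(SAMPLE_NS_CONF):
        print(f"line {f['line']}: {f['role']} vserver {f['name']!r} "
              f"on {f['ip']}:{f['port']}")
```

An empty result means no Gateway or AAA virtual server is defined in that file; it says nothing about CVE-2025-5349, which concerns the management interface.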

 

References

  1. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420&artic%5B%E2%80%A6%5Dteway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777=
  2. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/critical-vulnerabilities-citrix-netscaler-adc-and-netscaler-gateway-products