Critical Vulnerability Patched in Citrix NetScaler

Critical Vulnerability Patched in Citrix NetScaler

Posted on By CWS

Citrix on Tuesday introduced patches for 4 vulnerabilities throughout three merchandise, together with a critical-severity challenge in NetScaler ADC and NetScaler Gateway.

The essential flaw, tracked as CVE-2025-5777 (CVSS rating of 9.3), is described as an out-of-bounds reminiscence learn brought on by inadequate enter validation.

Solely NetScaler deployments configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or as Authentication, Authorization, and Accounting (AAA) digital server are affected, Citrix explains in its advisory.

The flaw was addressed in NetScaler ADC variations 14.1-43.56, 13.1-58.32, 13.1-FIPS, 13.1-NDcPP 13.1-37.235, and 12.1-FIPS 12.1-55.328, and in NetScaler Gateway variations 14.1-43.56 and 13.1-58.32.

The updates additionally handle CVE-2025-5349, a high-severity improper entry management challenge within the NetScaler Administration Interface.

Citrix warns that NetScaler ADC and Gateway variations 12.1 and 13.0, which have been discontinued, are affected by these vulnerabilities too, urging prospects to improve to a supported iteration as quickly as attainable.

On Tuesday, the corporate additionally launched fixes for a high-severity improper privilege administration flaw in Safe Entry Consumer for Home windows that could possibly be exploited to acquire System privileges. Tracked as CVE-2025-0320, the safety defect was addressed in Safe Entry Consumer for Home windows model 25.5.1.15.

One other high-severity improper privilege administration vulnerability, tracked as CVE-2025-4879, was addressed with the discharge of Citrix Workspace app for Home windows model 2409, and in Workspace app for Home windows 2402 LTSR CU2 Hotfix 1 and 2402 LTSR CU3 Hotfix 1.Commercial. Scroll to proceed studying.

Citrix makes no point out of any of those vulnerabilities being exploited within the wild, however customers are suggested to replace their installations as quickly as attainable. Extra info will be discovered on the corporate’s safety bulletins web page.

Associated: Citrix Warns of Password Spraying Assaults Focusing on NetScaler Home equipment

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Security Week News Tags:, , , ,

Related Posts

AI Tools Pose New Supply Chain Risks, Researchers Warn AI Tools Pose New Supply Chain Risks, Researchers Warn Security Week News
Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw Security Week News
CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable Security Week News
Iranian Drone Attacks Expose Data Center Vulnerabilities Iranian Drone Attacks Expose Data Center Vulnerabilities Security Week News
California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures Security Week News
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit Security Week News