Critical Alert on Citrix NetScaler Vulnerabilities
The Australian Cyber Security Centre (ACSC) has issued a critical alert following a warning from Citrix regarding serious vulnerabilities in its NetScaler ADC (Application Delivery Controller) and NetScaler Gateway platforms. This advisory comes as organizations are urged to take immediate action to safeguard their systems.
Understanding the Vulnerabilities
Citrix identified two significant vulnerabilities affecting its NetScaler products. The first, designated CVE-2025-5777, carries a CVSS (Common Vulnerability Scoring System) score of 8.7. It involves improper access control within the NetScaler Management Interface, posing a considerable risk of unauthorized access.
The second vulnerability, CVE-2025-5778, is even more critical, with a CVSS score of 9.3. It relates to insufficient input validation, which could potentially lead to memory overread issues. The severity of these vulnerabilities necessitates urgent attention from all organizations utilizing affected NetScaler versions.
Impacted Versions
The vulnerabilities affect the following versions of the NetScaler products:
- NetScaler ADC and NetScaler Gateway 14.1 (versions before 14.1-43.56)
- NetScaler ADC and NetScaler Gateway 13.1 (versions before 13.1-58.32)
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP (versions before 13.1-37.235)
- NetScaler ADC 12.1-FIPS (versions before 12.1-55.328-FIPS)
Both Citrix and the ACSC noted that versions 12.1 and 13.0 are now classified as end-of-life and will no longer receive security patches.
Recommended Actions for Users
In the wake of these vulnerabilities, Citrix strongly advises customers to upgrade their appliances to supported versions that address these known issues. According to Citrix’s advisory, organizations using vulnerable versions should transition to the following updated releases:
- NetScaler ADC and NetScaler Gateway 14.1-43.56 and later
- NetScaler ADC and NetScaler Gateway 13.1-58.32 and later
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later
- NetScaler ADC 12.1-FIPS 12.1-55.328 and later
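The two version lists above define a simple triage rule: a NetScaler build is at risk when its branch is listed and its build number is below the fixed build, and branches 12.1 (non-FIPS) and 13.0 are end-of-life with no fix coming. The script below is an added example, not code from Citrix or the ACSC, that encodes the fixed builds quoted in this article and checks an inventory against them. The version-string format it parses (`branch-build.sub`, with an optional `-FIPS` or `-NDcPP` suffix) follows the notation used in this article and is an assumption, as are the hostnames and versions in the constructed sample inventory.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Minimum fixed builds as quoted in this article, keyed by (branch, variant).
# Variant "" is the standard NetScaler ADC / Gateway build.
FIXED_BUILDS = {
    ("14.1", ""): (43, 56),
    ("13.1", ""): (58, 32),
    ("13.1", "FIPS"): (37, 235),
    ("13.1", "NDcPP"): (37, 235),
    ("12.1", "FIPS"): (55, 328),
}

# Branches the article reports as end-of-life (no security patches).
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed version-string layout: "<branch>-<build>.<sub>[-FIPS|-NDcPP]".
VERSION_RE = re.compile(
    r"^(?P<branch>\d+\.\d+)-(?P<build>\d+)\.(?P<sub>\d+)(?:-(?P<variant>FIPS|NDcPP))?$"
)


@dataclass
class Assessment:
    version: str
    status: str  # "fixed", "vulnerable", "end-of-life" or "unknown"
    minimum_fixed: Optional[str]  # the fixed build this version is measured against


def parse_version(version: str):
    """Split a version string into (branch, (build, sub), variant)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return m["branch"], (int(m["build"]), int(m["sub"])), m["variant"] or ""


def assess_version(version: str) -> Assessment:
    """Classify one version against the fixed-build table and the EOL list."""
    branch, build, variant = parse_version(version)
    key = (branch, variant)
    # The fixed-build table is consulted first so that 12.1-FIPS, which is
    # still supported, is not swallowed by the 12.1 end-of-life rule.
    if key in FIXED_BUILDS:
        minimum = FIXED_BUILDS[key]
        suffix = f"-{variant}" if variant else ""
        min_str = f"{branch}-{minimum[0]}.{minimum[1]}{suffix}"
        # Tuple comparison orders (build, sub) numerically, not lexically.
        status = "fixed" if build >= minimum else "vulnerable"
        return Assessment(version, status, min_str)
    if branch in EOL_BRANCHES:
        return Assessment(version, "end-of-life", None)
    return Assessment(version, "unknown", None)


# Constructed sample inventory (hypothetical hosts and versions): one
# "<hostname> <version>" pair per line.
SAMPLE_INVENTORY = """\
gw-syd-01 14.1-43.56
gw-syd-02 14.1-38.53
adc-mel-01 13.1-37.207-FIPS
adc-bne-01 13.0-92.19
"""


def triage_inventory(text: str) -> dict:
    """Group hosts by assessment status so patch and decommission work can be planned."""
    report: dict = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, version = line.split()
        report.setdefault(assess_version(version).status, []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts)}")
```

Builds reported as "end-of-life" cannot be fixed by patching and need a migration to a supported branch; "unknown" flags a branch this table does not know about and should be checked against the current advisory rather than assumed safe.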
Prompt action is critical to ensure that organizations remain protected from potential exploits stemming from these vulnerabilities.
Guidance from the ACSC
The ACSC emphasizes the importance of reviewing network infrastructure for instances of vulnerable NetScaler ADC and NetScaler Gateway products. In their advisory, they recommend consulting Citrix’s security advisory for detailed mitigation strategies and further advice on managing these vulnerabilities effectively.
As cyber threats continue to evolve, proactive measures are essential for maintaining the integrity and security of organizational networks. By staying informed and addressing vulnerabilities promptly, organizations can significantly reduce their risk exposure in the digital landscape.
If your organization uses any of the affected NetScaler products, ensure you are taking the necessary steps to protect your digital environment. Upgrading to supported versions is more than just a precaution—it’s a vital step in safeguarding sensitive data and maintaining business continuity.