Fortra is actively researching multiple vulnerabilities impacting Citrix NetScaler ADC and Citrix NetScaler Gateway. For mitigation, Citrix recommends installing the latest version of the affected platform.
Relevant vulnerabilities are:
- CVE-2025-5349: The NetScaler Management Interface contains an improper access control vulnerability.
- CVE-2025-5777: When configured as a Gateway, NetScaler contains an out-of-bounds read vulnerability due to insufficient input validation.
- CVE-2025-6543: When configured as a Gateway, NetScaler contains a memory overflow vulnerability that can lead to a denial-of-service condition.
Who is affected?
The following products are affected by these vulnerabilities.
- NetScaler ADC and NetScaler Gateway 14.1 through 14.1-43.55
- NetScaler ADC and NetScaler Gateway 13.1 through 13.1-58.31
- NetScaler ADC 13.1-FIPS 13.1 through 13.1-37.234
- NetScaler ADC 13.1-NDcPP 13.1 through 13.1-37.234
- NetScaler ADC 12.1-FIPS 12.1 through 12.1-55.327
- All versions of NetScaler ADC and NetScaler Gateway 12.1
- All versions of NetScaler ADC and NetScaler Gateway 13.0
What can I do?
Customers should install the latest version of these products as soon as possible. Citrix recommends the following updates:
- NetScaler ADC and NetScaler Gateway 14.1-43.56 or later
- NetScaler ADC and NetScaler Gateway 13.1-58.32 or later
- NetScaler ADC 13.1-FIPS 13.1-37.235 or later
- NetScaler ADC 13.1-NDcPP 13.1-37.235 or later
- NetScaler ADC 12.1-FIPS 12.1-55.328 or later
Citrix's recommended mitigation steps and additional details about the vulnerabilities are available in CTX693420 and CTX694788.
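A build-triage check against the affected and fixed versions listed above, as an added example that is not Fortra's or Citrix's code. The edition labels, the `triage` and `needs_upgrade` names, and the inventory hostnames are assumptions made for illustration; version strings use the `release-build` form this page uses.

```python
import re

# First fixed build per (release, edition), from this advisory's update list.
# Edition labels ("standard", "fips", "ndcpp") are this example's own naming.
FIXED = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("13.1", "ndcpp"): (37, 235),
    ("12.1", "fips"): (55, 328),
}
# Releases the advisory lists as affected in all versions, with no fixed build.
ALL_AFFECTED = {("12.1", "standard"), ("13.0", "standard")}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def triage(version, edition="standard"):
    """Classify a build such as '13.1-58.31' as affected, fixed or unknown."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return "unknown"  # unparseable input needs a manual check
    key = (match.group(1), edition.lower())
    build = (int(match.group(2)), int(match.group(3)))
    if key in ALL_AFFECTED:
        return "affected"
    if key not in FIXED:
        return "unknown"  # release/edition pair the advisory does not list
    # Compare numerically: as strings, "9.100" would sort above "43.56".
    return "fixed" if build >= FIXED[key] else "affected"


def needs_upgrade(inventory):
    """Return hosts that are affected or could not be classified."""
    return sorted(host for host, version, edition in inventory
                  if triage(version, edition) != "fixed")


# Constructed inventory: hostnames and builds are sample values.
SAMPLE_INVENTORY = [
    ("adc-edge-01", "14.1-43.55", "standard"),
    ("adc-edge-02", "14.1-43.56", "standard"),
    ("adc-fips-01", "13.1-37.99", "fips"),
    ("adc-old-01", "13.0-92.21", "standard"),
    ("gw-lab-01", "13.1-58.32", "standard"),
]

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE_INVENTORY):
        print(host)
```

A `fixed` result only means the build is at or above the update this page lists for that release and edition.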
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for these vulnerabilities. We will update this article with new information about them and related security updates as they become available.