Published: Mon 23 June 2025
Prepared by: Adam Skupien, Vulnerability Security Analyst
This bulletin addresses two recently disclosed vulnerabilities, the High Severity CVE-2025-5349 and the Critical Severity CVE-2025-5777 present in Citrix NetScaler ADC and NetScaler Gateway appliances, which when exploited could result in the exposure of sensitive data.
On 20 June 2025, the Australian Cyber Security Centre (ACSC) issued an advisory on CVE-2025-5349 and CVE-2025-5777 urging organisations to mitigate the risk by following Citrix recommendations as outlined below.
On 17 June 2025, Citrix published a vulnerability disclosure related to the following vulnerabilities:
The vulnerabilities affect several versions of NetScaler ADC and NetScaler Gateway, as listed below:
Exploitation of the vulnerabilities could result in exposure of sensitive data including credentials.
Customers with affected versions of NetScaler ADC and NetScaler Gateway are strongly urged to install the relevant updated versions as soon as possible.
Additionally, it is recommended to run the following commands to terminate all active ICA and PCoIP sessions after all NetScaler appliances in the HA pair or cluster have been upgraded to the fixed builds:
kill icaconnection -all
kill pcoipConnection -all
Customers who believe they may be affected are advised to verify their current version of NetScaler ADC or NetScaler Gateway and apply any necessary updates.
Triskele Labs customers leveraging our Vulnerability Scanning and Monitor (24×7 SIEM) services are being proactively assessed and monitored for indicators of compromise (IOCs) and signs of lateral movement.