Date: 18 June 2025

Critical vulnerabilities have been identified in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These flaws include a memory overread issue and a denial-of-service vulnerability, which could be exploited to disrupt services or potentially compromise affected systems under certain configurations.


Overview

Two distinct vulnerabilities impact the NetScaler Management Interface and Gateway components:

  • CVE-2025-5349: Insufficient input validation resulting in a memory overread, potentially leading to information disclosure.
  • CVE-2025-5777: A vulnerability that may enable denial-of-service (DoS) or even remote compromise, particularly affecting systems configured as VPN virtual servers, ICA Proxies, CVPN, RDP Proxies, or AAA virtual servers.

These vulnerabilities are particularly concerning due to the common exposure of NetScaler appliances to the internet and the potential for automated discovery and exploitation.


Impact

  • Potential memory overread leading to information disclosure.
  • Possible denial-of-service attacks, with risk of full compromise in certain configurations.
  • Affects NetScaler Management Interface and Gateway components.

Affected Products and Versions

  • Citrix NetScaler ADC (formerly Citrix ADC)
  • Citrix NetScaler Gateway (formerly Citrix Gateway)

Specific affected versions have not been publicly detailed; please consult Citrix advisories for your product versions.


Mitigation and Recommendations

  • Apply the latest security patches provided by Citrix as soon as possible.
  • Terminate all ICA sessions following upgrades, particularly in high availability pairs.
  • Restrict external access to management interfaces where feasible.
  • Monitor logs and network traffic for unusual activity.
  • Schedule upgrades promptly to reduce exposure: these devices are often indexed by scanning platforms such as Shodan, which increases the risk of automated attacks.

Current Exploitation Status

As of this advisory, there have been no confirmed reports of active exploitation of these vulnerabilities in the wild. However, due to their critical nature and potential impact, immediate patching is strongly advised.


Need Help?

If your organisation requires assistance identifying affected systems, applying updates or adjusting NetScaler configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.