Urgent Warning Issued for NetScaler ADC and NetScaler Gateway Appliances
Multiple vulnerabilities have been reported in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products, according to a critical alert issued by the Australian Signals Directorate's Australian Cyber Security Centre.
The most severe of these vulnerabilities, CVE-2025-7776, is a high-severity memory overflow vulnerability that leads to unpredictable or erroneous behaviour and Denial of Service in NetScaler ADC and NetScaler Gateway. CVE-2025-7775, another critical memory overflow vulnerability, enables Remote Code Execution and/or Denial of Service in the same products.
Citrix's Security Bulletin lists the following builds as affected by these vulnerabilities: NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP; NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP; NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22; and NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48.
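The version ranges above are easy to misread because the FIPS/NDcPP branches have their own fixed builds. The following script is an added example (not part of the alert, the Citrix bulletin, or any NetScaler tooling) that takes a NetScaler build string, works out which branch it belongs to, and reports whether it is before the fixed build quoted above. The table of fixed builds is transcribed from the text above; the parsing of `show ns version`-style output ("NetScaler NS13.1: Build 59.22.nc, ...") is an assumption about the appliance's CLI format, and branches the article does not list (for example 13.0, or 14.1 FIPS) are reported as "not-listed" rather than guessed at.

```python
"""Compare NetScaler ADC / Gateway build strings against the fixed builds
named in the advisory text.  Added example; not ASD/ACSC or Citrix code."""
import re
from typing import NamedTuple, Optional, Tuple

class Build(NamedTuple):
    major: str               # release branch, e.g. "13.1"
    build: Tuple[int, int]   # build number, e.g. (59, 22)
    fips: bool               # True for the FIPS / NDcPP branch

# Fixed builds per the article: a build BEFORE the listed one, in the same
# branch, is affected.  Keyed by (release, is_fips_or_ndcpp).
FIXED_BUILDS = {
    ("12.1", True): (55, 330),   # 12.1-FIPS and NDcPP, fixed in 12.1-55.330
    ("13.1", True): (37, 241),   # 13.1-FIPS and NDcPP, fixed in 13.1-37.241
    ("13.1", False): (59, 22),   # 13.1, fixed in 13.1-59.22
    ("14.1", False): (47, 48),   # 14.1, fixed in 14.1-47.48
}

# Accepts "13.1-59.22", "13.1-59.22-FIPS" and (assumed CLI format)
# "NetScaler NS13.1: Build 59.22.nc, Date: ...".
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<major>\d+\.\d+)[:\s-]+(?:Build\s+)?(?P<build>\d+\.\d+)",
    re.IGNORECASE,
)

def parse_build(text: str) -> Optional[Build]:
    """Extract (release, build, fips) from a version string; None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    hi, lo = m.group("build").split(".")
    fips = re.search(r"FIPS|NDcPP", text, re.IGNORECASE) is not None
    return Build(m.group("major"), (int(hi), int(lo)), fips)

def assess(text: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable' for one build string."""
    b = parse_build(text)
    if b is None:
        return "unparseable"
    fixed = FIXED_BUILDS.get((b.major, b.fips))
    if fixed is None:
        # Branch not in the article's table: do not guess, consult the bulletin.
        return "not-listed"
    # Tuple comparison orders (59, 19) before (59, 22), and (47, 46) before (47, 48).
    return "affected" if b.build < fixed else "fixed"

def assess_inventory(lines) -> dict:
    """Map each inventory line (e.g. 'hostname<TAB>version') to its verdict."""
    verdicts = {}
    for line in lines:
        host, _, version = line.partition("\t")
        verdicts[host] = assess(version)
    return verdicts

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        "gw-01\tNetScaler NS13.1: Build 59.19.nc, Date: Jan 1 2025",
        "gw-02\t13.1-59.22",
        "adc-fips-01\t12.1-55.300-FIPS",
        "adc-03\t13.0-92.21",
    ]
    for host, verdict in assess_inventory(sample).items():
        print(f"{host}: {verdict}")
```

Run it against an exported list of appliance versions and treat every "affected" line as a patch-now item; "not-listed" means the branch is outside the article's table and needs a manual check against the Citrix bulletin rather than being assumed safe.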
Active exploitation of these vulnerabilities has been observed, alongside incidents such as a major Canadian telecommunications provider being targeted in February 2025 through an unpatched critical Cisco network device vulnerability; attackers exploited that flaw to extract configuration data and install backdoors that enabled network traffic monitoring. Additionally, critical vulnerabilities such as CVE-2025-5777 ("CitrixBleed 2") have been actively exploited worldwide by threat actors, including ransomware groups, to access sensitive session tokens without authentication.
CVE-2025-8424 is another high-severity vulnerability, involving improper access control on the NetScaler Management Interface.
Organisations that have been impacted, suspect impact or require advice and assistance can contact 1300 CYBER1 (1300 292 371). Updated software versions are available for affected NetScaler products.
The alert, "Multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway devices", can be read on Cyber.gov.au. Additional details are available in Citrix's "Critical security update announced for NetScaler Gateway and NetScaler".
Australian organisations are urged to review their networks for use of vulnerable instances of NetScaler ADC and NetScaler Gateway.