Fortra is actively researching multiple vulnerabilities impacting Citrix NetScaler ADC and Citrix NetScaler Gateway. For mitigation, Citrix recommends installing the latest version of the affected platform.
Relevant vulnerabilities are:
- CVE-2025-5349: The NetScaler Management Interface contains an improper access control vulnerability.
- CVE-2025-5777: When configured as a Gateway, NetScaler contains an out-of-bounds read vulnerability due to insufficient input validation.
- CVE-2025-6543: When configured as a Gateway, NetScaler contains a memory overflow vulnerability that can lead to a denial-of-service condition.
Who is affected?
The following products are affected by these vulnerabilities.
- NetScaler ADC and NetScaler Gateway 14.1 - 14.1-43.55
- NetScaler ADC and NetScaler Gateway 13.1 - 13.1-58.31
- NetScaler ADC 13.1-FIPS 13.1 - 13.1-37.234
- NetScaler ADC 13.1-NDcPP 13.1 - 13.1-37.234
- NetScaler ADC 12.1-FIPS 12.1 - 12.1-55.327
- All versions of NetScaler ADC and NetScaler Gateway 12.1
- All versions of NetScaler ADC and NetScaler Gateway 13.0
What can I do?
Customers should install the latest version of these products as soon as possible. Citrix recommends the following updates:
- NetScaler ADC and NetScaler Gateway 14.1-43.56 or later
- NetScaler ADC and NetScaler Gateway 13.1-58.32 or later
- NetScaler ADC 13.1-FIPS 13.1-37.235 or later
- NetScaler ADC 13.1-NDcPP 13.1-37.235 or later
- NetScaler ADC 12.1-FIPS 12.1-55.328 or later
More information about Citrix's recommended mitigation steps and additional details about the vulnerabilities are available at CTX693420 and CTX694788.
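The affected and fixed builds above are easy to misread because each release line (14.1, 13.1, 13.1-FIPS, 13.1-NDcPP, 12.1-FIPS) has its own build numbering, and the plain 12.1 and 13.0 lines have no fixed build at all. The following inventory check is an added example, not code from Fortra, Citrix, or this advisory: it parses NetScaler version strings of the form `major.minor-build.sub`, compares them against the fixed builds listed above, and flags each host. The release-line names, the hostnames, and the `13.0-92.21` version in the sample inventory are constructed values for illustration.

```python
import re

# Fixed builds per release line, taken from the "What can I do?" section above.
# None means the advisory lists every version of that line as affected and
# names no fixed build (the plain 12.1 and 13.0 lines).
FIXED_BUILDS = {
    "14.1": "14.1-43.56",
    "13.1": "13.1-58.32",
    "13.1-FIPS": "13.1-37.235",
    "13.1-NDcPP": "13.1-37.235",
    "12.1-FIPS": "12.1-55.328",
    "12.1": None,
    "13.0": None,
}

# NetScaler version strings look like "14.1-43.55": major.minor-build.sub
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version):
    """Turn '14.1-43.55' into the comparable tuple (14, 1, 43, 55)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(line, version):
    """Return True if `version` on release line `line` is below the fixed build.

    `line` is one of the keys of FIXED_BUILDS (for example "13.1-FIPS"); the
    variant suffix matters because 13.1 and 13.1-FIPS use different build
    numbers, so the same build number is not comparable across lines.
    """
    if line not in FIXED_BUILDS:
        raise ValueError(f"unknown release line: {line!r}")
    parsed = parse_version(version)
    # The version must belong to the line it is being checked against.
    major_minor = f"{parsed[0]}.{parsed[1]}"
    if not line.startswith(major_minor):
        raise ValueError(f"version {version!r} is not on release line {line!r}")
    fixed = FIXED_BUILDS[line]
    if fixed is None:
        return True  # no fixed build exists for this line; every version is affected
    return parsed < parse_version(fixed)


def audit(inventory):
    """Map (host, line, version) rows to (host, 'vulnerable' | 'fixed')."""
    return [
        (host, "vulnerable" if is_affected(line, version) else "fixed")
        for host, line, version in inventory
    ]


# Constructed sample inventory (hostnames and the 13.0 build are made up).
SAMPLE_INVENTORY = [
    ("gw-01", "14.1", "14.1-43.55"),
    ("gw-02", "14.1", "14.1-43.56"),
    ("adc-fips-01", "13.1-FIPS", "13.1-37.234"),
    ("adc-legacy", "13.0", "13.0-92.21"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

The check deliberately refuses to compare a version against the wrong release line rather than guessing, because a 13.1-FIPS appliance on build 37.234 is affected while a standard 13.1 appliance on a higher build number could be either; feed it the same line labels you use in your asset register.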
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
- Alert Logic: On June 27, 2025, Fortra added a network banner check to the Fusion VM scanner for CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543.
- Tripwire IP360: Tripwire released scan coverage on July 2, 2025, to identify vulnerable instances for IP360. The following table identifies matching vulnerabilities.
| CVE | Tripwire IP360 Vulnerability ID |
| --- | --- |
| CVE-2025-5349 | 733128 |
| CVE-2025-5777 | 733129 |
| CVE-2025-6543 | 733130 |
- Core Impact: On July 8, 2025, Fortra delivered the exploit for CVE-2025-5777 (CitrixBleed2) to customers. It targets insufficient input validation that results in a memory overread in Citrix NetScaler ADC and Citrix NetScaler Gateway when NetScaler is configured as a Gateway, in versions 14.1-43.50 and 14.1-38.53. The vulnerability allows unauthenticated remote attackers to obtain the application's cookies, session IDs, or passwords, and is reached via the /p/u/doAuthentication.do endpoint. The exploit attempts to trigger the vulnerability and determine whether the target system is vulnerable by obtaining a memory leak.
- FortraVM: Fortra has completed mappings for an authenticated scan to be included in the VM 4.69.0 release.
Updates
Fortra has kicked off the Emerging Threats process for these vulnerabilities. We will update this article with new information about the vulnerabilities and related security updates as it becomes available.
- 06/27/2025: Network banner check added to Fusion VM.
- 07/02/2025: Tripwire released scan coverage to identify vulnerable instances for IP360.
- 07/08/2025: Core Impact module for CVE-2025-5777 (CitrixBleed2) released.
- 07/08/2025: Fortra has added authenticated scan mappings, which will be released in FortraVM 4.69.0.