Summary: On June 17 and 25, 2025, Citrix published security advisories for critical vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. The New York State Intelligence Center’s (NYSIC) Cyber Analysis Unit (CAU) has indicated that these products are now experiencing active exploitation in the wild.
Analyst Note: These vulnerabilities involve critical flaws in Citrix products similar to the 2023 Citrix Bleed incident (CVE-2023-4966), which saw heavy exploitation by ransomware gangs and nation-states.
WaterISAC strongly recommends that organizations using Citrix NetScaler ADC and NetScaler Gateway appliances review the Citrix security bulletins and update or upgrade the affected systems to the following versions:
- NetScaler ADC and NetScaler Gateway 14.1-47.46 and later.
- NetScaler ADC and NetScaler Gateway 13.1-59.19 and later releases of 13.1.
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP.
Additional Reading:
Mitigation Recommendations:
- NetScaler Console and NetScaler SDX (SVM) Security Bulletin for CVE-2025-4365
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Related WaterISAC PIRs: 6, 8
