Critical vulnerabilities in NetScaler ADC exploited in the wild: everything you need to know
On June 17th, 2025, two critical vulnerabilities, CVE-2025-5349 and CVE-2025-5777, were disclosed in Citrix NetScaler ADC and NetScaler Gateway. In specific configurations they enable unauthorized access to sensitive resources and memory overreads. Because of certain similarities between CVE-2025-5777 and CVE-2023-4966 (AKA “CitrixBleed”), some publications have nicknamed this vulnerability “CitrixBleed 2”.
On June 25, 2025, a third critical RCE vulnerability, CVE-2025-6543, was also disclosed. This flaw affects the same products as above, and the vendor notes that it has been exploited in the wild as a 0-day. Customers are strongly advised to update to the latest fixed versions to mitigate these risks.