CVE-2025-5349: 
Citrix ADC VPX vulnerability analysis and mitigation

A critical security vulnerability identified as CVE-2025-5349 affects NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. The vulnerability involves improper access control on the NetScaler Management Interface, discovered and disclosed in June 2025. The flaw has been assigned a high severity CVSS v4.0 base score of 8.7 (NVD, GBHackers).

The vulnerability stems from improper access control mechanisms on the NetScaler Management Interface. It requires access to the Network Services IP (NSIP), Cluster Management IP, or local Global Server Load Balancing (GSLB) Site IP to exploit. The affected versions include NetScaler ADC and NetScaler Gateway 14.1 before 14.1-43.56, version 13.1 before 13.1-58.32, and various FIPS-compliant versions (GBHackers, Cybersecurity News).

Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to critical management functions and potentially compromise sensitive corporate data and network resources. The vulnerability particularly affects organizations running NetScaler ADC and Gateway deployments, including those using Secure Private Access on-premises and hybrid deployments (GBHackers).

Cloud Software Group has released patched versions to address this vulnerability. Organizations are strongly advised to upgrade to NetScaler ADC and Gateway version 14.1-43.56 or later, version 13.1-58.32 or later, or the corresponding FIPS-compliant releases. After upgrading, administrators should execute commands to terminate all active ICA and PCoIP sessions. Customers using Citrix-managed cloud services receive automatic updates (GBHackers, Cybersecurity News).

The vulnerability was responsibly disclosed by security researchers from Positive Technologies and ITA MOD CERT (CERTDIFESA), who collaborated with Cloud Software Group to ensure a coordinated response before public disclosure (Cybersecurity News).