⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-05-03.

CVE-2019-19781: Path Traversal in Citrix Application Delivery Controller Firmware

CWE-22: Path Traversal | 131 documents | 24 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 94.4% (top < 0.01%)
CISA KEV: KEV, Ransomware | Added 2021-11-03 | Due 2022-05-03
Exploit: Exploited in wild | Active exploitation observed
Timeline: Published Dec 27 | KEV added Nov 3 | KEV due May 3 | Latest update Aug 26

Description

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 10 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-jjcm-f6q3-w5xj: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10 | 2022-05-24
VulnCheck
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | 2019

💥 Exploits & PoCs (7)

Exploit-DB
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal | 2020-01-16
Exploit-DB
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit) | 2020-01-13
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC) | 2020-01-11
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution | 2020-01-11
Metasploit
Citrix ADC (NetScaler) Directory Traversal Scanner

🔍 Detection Rules (6)

Suricata
ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt (CVE-2019-19781) | 2022-02-05
Suricata
ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt - Server Response (CVE-2019-19781) | 2022-02-05
Suricata
ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M4 | 2022-02-05
Suricata
ET EXPLOIT Citrix App Delivery Controller and Citrix Gateway M1 (CVE-2019-19781) | 2021-10-28
Suricata
ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2 | 2020-01-13

📋 Vendor Advisories (3)

CISA
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | 2021-11-03
Citrix
CVE-2019-19781: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | 2019-12-27
Citrix
Citrix Security Bulletin CTX267027

🕵️ Threat Intelligence (110)

Tenable
CVE-2025-7775 Citrix RCE Zero-day | 2025-08-26
Tenable
Frequently Asked Questions About Iranian Cyber Operations | 2025-06-27
Qualys
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations | 2025-05-08
Tenable
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25 | 2024-10-22
Bleepingcomputer
Iranian hackers work with ransomware gangs to extort breached orgs | 2024-08-28

📄 Research Papers (2)

arXiv
Automated Attack Testflow Extraction from Cyber Threat Report using BERT for Contextual Analysis | 2025-07-09
arXiv
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs | 2025-02-16