CVE-2025-5349
Published 2025-06-17
CVE-2025-5349: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Priority: P353 · high · 8.8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.65% (88.2th percentile)
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.328 | 12.1-55.328 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.235 | 13.1-37.235 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-58.32 | 13.1-58.32 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-43.56 | 14.1-43.56 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 13.1 < 13.1-58.32 | 13.1-58.32 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-43.56 | 14.1-43.56 |
| citrix | xenserver | — | — |
| netscaler | adc | >= 13.1 < 58.32 | 58.32 |
| netscaler | adc | >= 14.1 < 43.56 | 43.56 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 8.7 · HIGH · CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck · 9.3 · CRITICAL
GHSA
GHSA-927h-58v2-fqv5: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
ghsa_unreviewed·2025-06-17
CVE-2025-5349 [HIGH] CWE-1284 GHSA-927h-58v2-fqv5: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
VulnCheck
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
vulncheck·2025·CVSS 9.3
CVE-2025-5777 [CRITICAL] CWE-125 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Affected: Citrix NetScaler ADC and NetScaler Gateway
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/; https://dashboard.shadowserver.org/statist
Citrix
Citrix Security Bulletin CTX693420
vendor_citrix·CVSS 5.9
CVE-2025-12101 [MEDIUM] Citrix Security Bulletin CTX693420
Citrix Security Bulletin CTX693420
CVE References: CVE-2025-12101, CVE-2025-5349, CVE-2025-5777, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
Checkpoint
7th July – Threat Intelligence Report
blogs_checkpoint·2025-07-07
CVE-2025-6463 7th July – Threat Intelligence Report
## 7th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The International Criminal Court (ICC) disclosed a sophisticated cyber‐security incident in late June 2025, its second such event in recent years. The intrusion, which occurred in June 2025, was promptly detected and contained, and the full extent of the impact is under investigation.
Australian airline Qantas suffered a cyber i
Wiz
Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog
blogs_wiz·2025-07-06·CVSS 9.4
CVE-2025-5777 [CRITICAL] Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog
On June 17th, 2025, two critical vulnerabilities - CVE-2025-5349 and CVE-2025-5777 - were disclosed in Citrix Netscaler ADC and Netscaler Gateway, enabling unauthorized access to sensitive resources and memory overreads in specific configurations. Due to certain similarities between CVE-2025-5777 and CVE-2023-4966 (AKA “CitrixBleed”), in some publications this vulnerability has been nicknamed “CitrixBleed 2”.
On June 25, 2025, a third critical RCE vulnerability - CVE-2025-6543 - was also disclosed. This flaw affects the same products as above, with the vendor noting that it has been exploited in the wild as a 0-day. Customers are strongly advised to update to the latest fixed versions to mitigate these risks.
# What are the vulnerabilities?
### CVE-2025-5777: Memory Overread via Crafted
Wiz
Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog
blogs_wiz·2025-07-06·CVSS 9.4
CVE-2025-5349 [CRITICAL] Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog
## What are the vulnerabilities?
## CVE-2025-5349: Improper Access Control on
Wiz
Crying Out Cloud Newsletter - July 2025 | Wiz
blogs_wiz·2025-07-01·CVSS 7.2
[HIGH] Crying Out Cloud Newsletter - July 2025 | Wiz
Cloud security is constantly evolving, and the Wiz Research team is dedicated to keeping you informed. The past month has seen significant vulnerabilities discovered, and there have been a few security incidents affecting cloud users.
We've compiled a shortlist of the most relevant developments. Here are our top picks!
## 🔍 Highlights
## Cryptojacking Campaign Targets Misconfigured DevOps Tools
Wiz Threat Research identified a cryptojacking campaign, attributed to the threat actor JINX-0132, actively exploiting misconfigured and publicly exposed DevOps tools—including HashiCorp Nomad, HashiCorp Consul, Docker, and Gitea—to deploy XMRig-based Monero miners.
JINX-0132 targets exposed Nomad servers lacking ACL protections by submitting malicious jobs through the API, effectively gaining
Tenable
CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
blogs_tenable·2025-06-27·CVSS 9.3
[CRITICAL] CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
Bleepingcomputer
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
blogs_bleepingcomputer·2025-06-25·CVSS 9.4
CVE-2025-5777 [CRITICAL] New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
## New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
## Bill Toulas
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices.
Last week, Citrix published a security bulletin warning about flaws tracked as CVE-2025-5777 and CVE-2025-5349 that impact NetScaler ADC and Gateway versions before 14.1-43.56, releases before 13.1-58.32, and also 13.1-37.235-FIPS/NDcPP and 2.1-55.328-FIPS.
CVE-2025-5777 is a critical flaw caused by an out-of-bounds memory read, allowing unauthenticated attackers to access portions of memory that they should not have access to.
This flaw impacts NetScaler devices
Checkpoint
23rd June – Threat Intelligence Report
blogs_checkpoint·2025-06-23
CVE-2025-23121 23rd June – Threat Intelligence Report
## 23rd June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Scania, a Swedish manufacturer of heavy trucks and engines, has suffered a data breach that resulted in the theft of insurance claim documents from its Financial Services systems via compromised credentials of an external IT partner. The stolen data is likely to contain personal, financial, or medical information. The attack ha
Published: 2025-06-17