Improper Access Control in NetScaler ADC and Gateway by Citrix
CVE-2025-5349
What is CVE-2025-5349?
CVE-2025-5349 is a critical vulnerability identified in the Citrix NetScaler ADC (Application Delivery Controller) and NetScaler Gateway products. These tools are designed to enhance the efficiency of applications over networks by managing load balancing, application delivery, and remote access. The vulnerability is rooted in improper access control mechanisms on the NetScaler Management Interface, allowing unauthorized access to sensitive configurations and controls.
This flaw can significantly undermine an organization's cybersecurity posture, as it could enable malicious actors to manipulate application delivery settings, gain access to sensitive data, or even execute unauthorized operations within the network infrastructure. Given the prominent role that NetScaler products play in managing enterprise applications, the consequences of this vulnerability can be severe, leading to potential data breaches or operational disruptions.
Potential impact of CVE-2025-5349
- Unauthorized Access and Control: Attackers could exploit this vulnerability to gain unauthorized access to the management interfaces, allowing them to alter configurations, extract sensitive data, or disable security functions. This level of control can lead to severe operational and security ramifications for affected organizations.
- Data Breach Risks: With improper access controls in place, there is a heightened risk of data breaches. Sensitive organizational data managed through NetScaler ADC and Gateway products could be exposed or exploited by threat actors, potentially leading to significant financial and reputational damage.
- Increased Attack Surface: By exploiting this vulnerability, attackers could pivot to other systems within the network, increasing the overall attack surface. This could facilitate further attacks, including the deployment of malware or ransomware, which may compromise additional systems in the environment.
Affected Version(s)
ADC 14.1 < 43.56
ADC 13.1 < 58.32
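A practitioner's first question on reading the affected-version table is whether a given appliance build falls below the fixed build. The following is an added example, not code from this page or from Citrix, that encodes the two ranges listed above (14.1 fixed at build 43.56, 13.1 fixed at build 58.32) and classifies a version string. The `show ns version` output format ("NetScaler NS14.1: Build 43.50.nc, ...") and the short "14.1-43.50" form are assumptions about input format; the sample strings are constructed. Releases not listed on this page are reported as unknown rather than guessed.

```python
import re

# First fixed builds, taken from the page's "Affected Version(s)" section:
# ADC 14.1 < 43.56 and ADC 13.1 < 58.32 are affected.
FIXED_BUILDS = {
    "14.1": (43, 56),
    "13.1": (58, 32),
}

# Accepts either the assumed `show ns version` form
# "NetScaler NS14.1: Build 43.50.nc, Date: ..." or the short "14.1-43.50" form.
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<release>\d+\.\d+)(?::\s*Build\s+|-)(?P<build>\d+)\.(?P<minor>\d+)"
)


def parse_version(text):
    """Return (release, (build, minor)) from a NetScaler version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group("release"), (int(m.group("build")), int(m.group("minor")))


def assess(text):
    """Classify a version string against the page's affected ranges.

    Returns 'affected', 'fixed', 'unknown release' (release not listed on the
    page; consult the vendor advisory) or 'unparseable'.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    release, build = parsed
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "unknown release"
    # Tuple comparison orders (build, minor) numerically, so 43.56 > 43.9.
    return "affected" if build < fixed else "fixed"


# Constructed sample inputs for demonstration.
SAMPLES = [
    "NetScaler NS14.1: Build 43.50.nc, Date: Jan 1 2025",  # below 43.56
    "14.1-43.56",                                          # first fixed build
    "13.1-57.100",                                         # below 58.32
    "13.1-58.32",                                          # first fixed build
    "12.1-55.1",                                           # not listed on this page
    "not a version string",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:55} -> {assess(sample)}")
```

The check deliberately compares builds as integer tuples rather than as floats or strings, since "43.9" would otherwise sort after "43.56".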
News Articles
- New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
  A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed
  (2 weeks ago)
- Critical Flaws In NetScaler ADC & Gateway – CVE-2025-5349
  Two new vulnerabilities, CVE-2025-5349 and CVE-2025-5777, target NetScaler ADC and Gateway, posing a serious risk to organizations.
  (3 weeks ago)
- Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers
  The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively.
  (3 weeks ago)
Timeline
- First article discovered by GBHackers News
- Vulnerability published
- Vulnerability reserved