Improper Access Control in NetScaler ADC and Gateway by Citrix
CVE-2025-5349

8.7 HIGH

Key Information:

Vendor: Netscaler

Status
Vendor
CVE Published: 17 June 2025

What is CVE-2025-5349?

This vulnerability involves inadequate access control on the NetScaler Management Interface, affecting both NetScaler ADC and NetScaler Gateway. Exploitation of this weakness could enable unauthorized users to gain access to sensitive management functions, potentially leading to data exposure and system manipulation. Organizations using these products should implement the available patches provided by Citrix to mitigate risks.

Affected Version(s)

ADC 14.1 < 43.56

ADC 13.1 < 58.32

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
