Improper Access Control in NetScaler ADC and Gateway by Citrix
CVE-2025-5349

8.7 HIGH

Key Information:

Vendor: Netscaler
Status: Vendor
CVE Published: 17 June 2025

Badges

📈 Score: 209
📰 News Worthy

What is CVE-2025-5349?

CVE-2025-5349 is a high-severity vulnerability (CVSS v4 base score 8.7) in Citrix NetScaler ADC (Application Delivery Controller) and NetScaler Gateway. These products sit in front of enterprise applications to provide load balancing, application delivery, and remote access. The vulnerability stems from improper access control on the NetScaler Management Interface, which could allow unauthorized access to sensitive configuration and administrative controls.

Because NetScaler appliances are a central control point for enterprise application delivery, this flaw can significantly undermine an organization's security posture: an attacker who reaches the management interface could alter application delivery settings, read sensitive data, or perform unauthorized operations within the network infrastructure, with data breaches or operational disruption as the potential result.

Potential impact of CVE-2025-5349

  1. Unauthorized Access and Control: Attackers could exploit this vulnerability to gain unauthorized access to the management interfaces, allowing them to alter configurations, extract sensitive data, or disable security functions. This level of control can lead to severe operational and security ramifications for affected organizations.

  2. Data Breach Risks: With improper access controls in place, there is a heightened risk of data breaches. Sensitive organizational data managed through NetScaler ADC and Gateway products could be exposed or exploited by threat actors, potentially leading to significant financial and reputational damage.

  3. Increased Attack Surface: By exploiting this vulnerability, attackers could pivot to other systems within the network, increasing the overall attack surface. This could facilitate further attacks, including the deployment of malware or ransomware, which may compromise additional systems in the environment.

Affected Version(s)

ADC 14.1, builds before 43.56

ADC 13.1, builds before 58.32

News Articles

New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed

2 weeks ago

Critical Flaws In NetScaler ADC & Gateway – CVE-2025-5349

Two new vulnerabilities, CVE-2025-5349 and CVE-2025-5777, target NetScaler ADC and Gateway, posing a serious risk to organizations.

3 weeks ago

Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers

The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively.

3 weeks ago

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
