The Australian cyber agency warns of critical bugs in NetScaler ADC and NetScaler Gateway products.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) released an ‘act now’ critical alert late last week after cloud computing firm Citrix released an advisory warning of a pair of vulnerabilities in its NetScaler ADC and NetScaler Gateway platforms.
CVE-2025-5349 has a CVSS score of 8.7 and is an improper access control vulnerability impacting the NetScaler Management Interface, while CVE-2025-5777 has a CVSS score of 9.3 – making it a critical vulnerability – and is an insufficient input validation flaw that could lead to memory overread.
The vulnerabilities impact the following NetScaler products:
Both Citrix and the ACSC note that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now considered end-of-life and are no longer receiving patches.
“Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities,” Citrix said in its 17 June advisory.
“Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible,” Citrix said. These versions are:
“Australian organisations should review their networks for use of vulnerable instances of the NetScaler ADC and NetScaler Gateway products, and consult Citrix’s customer advisory Citrix Security Advisory for mitigation advice,” the ACSC warned in its 20 July advisory.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.