CVE-2025-5349

Published Jun 17, 2025

Last updated 7 months ago

CVSS high 8.7
VDI

Overview

Description
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Source
secure@citrix.com
NVD status
Analyzed
Products
netscaler_application_delivery_controller, netscaler_gateway

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@citrix.com
CWE-1284
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

  1. Citrix Bleed 2.0 (CVE-2025-5777 & CVE-2025-5349) Citrix has disclosed two critical vulnerabilities affecting NetScaler ADC and Gateway. Patch immediately to fixed builds as listed in CTX693420. https://t.co/E9MwaWRzQ3 https://t.co/4ymn1iIQtV

    @CyberTitanLLC

    31 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. There is an update to Citrix Bleed 2 - CVE-2025-5349 and CVE-2025-5777 . Apparently, only one article is referenced to test for possible compromise. https://t.co/dDLO4CFnoS Dear admin colleagues, how many are currently rotating and looking for patches?

    @NickInformation

    25 Jul 2025

    438 Impressions

    3 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 Article Id : CTX693420 Last Modified Date : 07-25-2025 17:33 Created Date : 06-17-2025 11:48 https://t.co/Zh1McSSDCO

    @endi24

    25 Jul 2025

    264 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Nuevas vulnerabilidades críticas en Citrix Las vulnerabilidades, identificadas como CVE-2025-5349 y CVE-2025-5777, afectan a múltiples versiones de Citrix NetScaler. Más información: https://t.co/XtXEQOe1Rl #Citrix #vulnerability https://t.co/U4oFQqsoLP

    @CSIRT_Telconet

    19 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️Vulnerabilidades en los productos Citrix NetScaler ❗CVE-2025-5777 ❗CVE-2025-5349 ➡️Más info: https://t.co/2quJ6vQiIW https://t.co/Rp1SGTPb2H

    @CERTpy

    8 Jul 2025

    152 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 #CitrixBleed 2.0? We break down CVE-2025-5777, CVE-2025-5349, and CVE-2025-6543 — what’s known, what’s not, and why admin creds may be at risk. If you run #NetScaler, read this now 👇 https://t.co/wgpafxDLsj #infosec #cybersecurity https://t.co/IX5cRcBZ5K

    @Horizon3ai

    7 Jul 2025

    546 Impressions

    10 Retweets

    10 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  7. Critical vulnerabilities CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543 in Citrix NetScaler ADC & Gateway are exploited in the wild, risking unauthorized access & credential leaks. Update now! ⚠️ #NetScaler #CyberAlert #USA https://t.co/m6qSFeBhx9

    @TweetThreatNews

    6 Jul 2025

    86 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Warning: Two Critical vulnerabilities in @Citrix #ISE. CVE-2025-5777 (CVSS 9.3) and CVE-2025-5349 (CVSS 9.2) allow unauthenticated remote memory overread and #DoS. Both are #ActivelyExploited! Immediate action required to secure your systems. #Patch https://t.co/HoZhS9HZHn

    @CCBalert

    30 Jun 2025

    365 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Actively exploited CVE : CVE-2025-5349

    @transilienceai

    29 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-5349

    @transilienceai

    29 Jun 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  11. #CyberAlert | Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway We are aware of the security advisories published by Citrix for critical vulnerabilities, CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543. https://t.co/FHQLsyNzqT 🧵

    @cybercentre_ca

    26 Jun 2025

    142 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  12. La faille CVE-2025-5349 cible NetScaler Citrix et est déjà exploitée. Citrix recommande de fermer toutes les sessions actives après correctif. @ValeryMarchive #cybersécurité 👉 https://t.co/4s9M7sMeL1 https://t.co/ZcHZzxJRw4

    @LeMagIT

    26 Jun 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Security Bulletin: Multiple vulnerabilities affecting Citrix NetScaler – CVE-2025-5777 & CVE-2025-5349 allow memory leaks and unauthorized admin access. Patch to 14.1-43.56 or later + restrict interface access to reduce risk. #ThreatIntel #Re... https://t.co/MYPMybTdj8

    @RedLegg

    25 Jun 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 【CitrixがNetScalerの重大バグCVE-2025-5777を修正】この境界外読み取りの脆弱性が悪用された形跡はないが、なるべく早くパッチを適用し、アクティブなセッションを終了するよう推奨されている。CVE-2025-5349(不適

    @MachinaRecord

    24 Jun 2025

    106 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨Upozorňujeme na kritické zranitelnosti v load balanceru NetScaler ADC, CVE-2025-5349 a v bráně pro vzdálený přístup NetScaler Gateway, CVE-2025-5777. První zranitelnost spočívá v nesprávném řízení přístupu v rozhraní pro správu NetScaler ADC a druhá v c

    @GOVCERT_CZ

    19 Jun 2025

    54 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Two critical vulnerabilities, CVE-2025-5349 (8.7) and CVE-2025-5777 (9.3), found in NetScaler ADC & Gateway. Outdated versions are at risk of unauthorized access & memory overreads. Ensure updates are applied swiftly! ⚠️ #NetScaler #CyberRisk https://t.co/cQgYw6ulAJ

    @TweetThreatNews

    19 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical vulnerability in NetScaler ADC and NetScaler Gateway URL: https://t.co/4gu12PtexF Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv4.0: 9.3 CVEs: CVE-2025-5777, CVE-2025-5349

    @samilaiho

    18 Jun 2025

    111 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Critical vulnerabilities (CVE-2025-5349, CVE-2025-5777) have been identified in NetScaler ADC and NetScaler Gateway. Immediate customer action is strongly advised. Read the full security bulletin here: https://t.co/Il5TcAyDue https://t.co/vgBFfzaYVh

    @FerroqueSystems

    17 Jun 2025

    231 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Urgent alert! #Citrix Netscaler ADC, -SDX, and -Console are now affected by new security vulnerabilities identified as CVE-2025-4365, CVE-2025-5349, and CVE-2025-5777. Check out https://t.co/iNgUoraIAC and https://t.co/xQhkxrNkvK

    @Koetzing

    17 Jun 2025

    806 Impressions

    5 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. New @Citrix article: #NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 https://t.co/uV5eDdaL7c

    @guyrleech

    17 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-5349 Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway https://t.co/2uFROryU52

    @CVEnew

    17 Jun 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  2. Microsoft Windows Improper Privilege Management VulnerabilityCVE-2026-21533
  3. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).CVE-2026-21982
  4. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).CVE-2026-21956
  5. Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.CVE-2025-64740

References

Sources include official advisories and independent security research.