- NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
Citrix bleeding
As NetScaler prospects will already be painfully conscious, these aren’t the primary critical vulnerabilities to have an effect on the corporate’s NetScaler ADC and NetScaler Gateway home equipment throughout 2025.
In June, the corporate patched CVE-2025-5349 and CVE-2025-5777, the latter a flaw in NetScaler ADC and Gateway gadgets important sufficient for researcher Beaumont to present it a nickname, “Citrix Bleed 2”. The US Cybersecurity and Infrastructure Safety Company (CISA) later added this to its database of flaws recognized to be below energetic exploitation. (The unique ‘Citrix Bleed’ flaw, CVE‑2023‑4966, affected NetScaler ADC and NetScaler Gateway in 2023.)
In the meantime, it emerged {that a} second flaw patched days after that, CVE-2025-6543, may also be below energetic exploitation. This was confirmed in August by the Dutch Nationwide Cyber Safety Centre (NCSC-NL) which reported that CVE-2025-6543 had been used to focus on organizations within the nation since not less than Could.
