Friday, April 25, 2025
HomeCVE/vulnerabilityCritical Bugs with Citrix Allow Unauthenticated Code Injection, Privilege Escalation DoS &...

Critical Bugs with Citrix Allow Unauthenticated Code Injection, Privilege Escalation DoS & Data Theft

Published on

SIEM as a Service

Follow Us on Google News

Citrix patched 11 security flaws with Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP edition. Out of that four bugs can be exploited by an unauthenticated, remote attacker.

Successful exploitation of the attack leads to an unauthenticated attack to the management network, Cross-Site Scripting (XSS) information disclosure, and denial-of-service attacks.

Citrix said that out of 11 vulnerabilities, “there are six possible attack routes; five of those have barriers to exploitation.”

- Advertisement - Google News

The six possible attack routes can be diminished if systems deployed in line with Citrix recommendations that management interface separated from the network and protected by a firewall.

Citrix also confirms that these vulnerabilities are not related to CVE-2019-19781, which unauthenticated remote attackers to execute arbitrary code on the vulnerable system.

The company also said that they are not aware of any exploitation of these issues. Here you can find the complete list of vulnerabilities.

List of Vulnerabilities

“While these barriers reduce the risk of these vulnerabilities, Citrix strongly recommends the quick application of the supplied patches.”

Citrix not disclosed any technical details about the vulnerability and only released patches to protect our customers.

Users are recommended to update with following versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP remediate the vulnerabilities:

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...

New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision

The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Spring Security Vulnerability Exposes Valid Usernames to Attackers

A newly identified security vulnerability, CVE-2025-22234, has exposed a critical weakness in the widely-used...

SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment

Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of...

NVIDIA NeMo Vulnerability Enables Remote Exploits

NVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo...