Overview
- Citrix has issued a patch for CVE-2025-5777 (CVSS 9.3), an out-of-bounds memory-read flaw in NetScaler ADC and NetScaler Gateway appliances.
- The flaw can leak session tokens, enabling unauthenticated attackers to hijack user sessions and bypass multi-factor authentication.
- Operators are advised to upgrade to supported NetScaler builds and then run `kill icaconnection -all` and `kill pcoipconnection -all` to reset active ICA and PCoIP sessions, so that any tokens leaked before the upgrade can no longer be reused.
- A separate vulnerability, CVE-2025-6543, is already being exploited to trigger denial-of-service conditions on exposed NetScaler interfaces.
- Security scans show over 56,500 publicly reachable NetScaler endpoints, although the proportion vulnerable to these flaws remains unknown.