Critical Vulnerabilities in Citrix NetScaler

Vulnerability

June 26, 2025

Two critical-severity vulnerabilities, CVE-2025-5777 and CVE-2025-6543, have been identified in Citrix NetScaler ADC and NetScaler Gateway.

CVE-2025-5777 is an insufficient-input-validation flaw that results in a memory over-read. An unauthenticated attacker can send malformed requests to an internet-facing appliance and recover fragments of its memory, including valid session tokens, which can then be replayed to hijack authenticated sessions. The flaw is only reachable when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Because of its resemblance to the 2023 CitrixBleed flaw (CVE-2023-4966), the Kevin Beaumont post referenced below refers to it as "CitrixBleed 2".

Affected versions (the build named for each branch is the first fixed release; earlier builds on that branch are vulnerable):

  • NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-43.56 (fixed in 14.1-43.56 and later releases)
  • NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-58.32 (fixed in 13.1-58.32 and later releases of 13.1)
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP prior to 13.1-37.235 (fixed in 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP)
  • NetScaler ADC 12.1-FIPS prior to 12.1-55.328 (fixed in 12.1-55.328 and later releases of 12.1-FIPS)

CVE-2025-6543 is a memory-overflow vulnerability that can cause unintended control flow and denial of service when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Citrix reports that exploitation of this vulnerability on unmitigated appliances has been observed.

Affected versions:

  • NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
  • NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
  • NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (end-of-life: vulnerable, and no fixed build will be released for these branches)
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP prior to 13.1-37.236
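As an added example (not part of the NJCCIC advisory and not Citrix tooling), the following Python script turns the two version lists above into a check that can be run over a fleet inventory. It parses the line printed by the NetScaler CLI command show ns version (the format assumed here is "NetScaler NS14.1: Build 43.56.nc, ..."; verify it against your own appliances), compares the build against the first fixed build on that branch, and flags the end-of-life branches. The sample inventory is constructed, and the FIPS/NDcPP flag has to come from the caller because the version line alone does not reveal it. The script checks versions only: whether an appliance is actually configured as a Gateway or AAA virtual server, the precondition for both CVEs, must be confirmed separately, and a matching version should be treated as affected until that is done.

```python
import re

# Line printed by `show ns version` on the NetScaler CLI. The format
# "NetScaler NS<major>.<minor>: Build <build>.<sub>.nc, ..." is an assumption;
# check it against real output before relying on this parser.
_VERSION_RE = re.compile(r"NS(\d+)\.(\d+).*?Build\s+(\d+)\.(\d+)", re.IGNORECASE)

# First fixed build per branch, taken from the two version lists above.
# Branch key: (major, minor, variant); variant is "" for standard builds and
# "fips" for the 13.1-FIPS / 13.1-NDcPP and 12.1-FIPS builds.
FIRST_FIXED = {
    "CVE-2025-5777": {
        (14, 1, ""):     (43, 56),
        (13, 1, ""):     (58, 32),
        (13, 1, "fips"): (37, 235),
        (12, 1, "fips"): (55, 328),
    },
    "CVE-2025-6543": {
        (14, 1, ""):     (47, 46),
        (13, 1, ""):     (59, 19),
        (13, 1, "fips"): (37, 236),
    },
}

# Branches the advisory lists as end-of-life: no fixed build exists.
END_OF_LIFE = {(12, 1, ""), (13, 0, "")}


def parse_version(line):
    """Return (major, minor, build, sub) from a `show ns version` line, or None."""
    m = _VERSION_RE.search(line)
    if m is None:
        return None
    return tuple(int(g) for g in m.groups())


def assess(line, fips=False):
    """Map each CVE to 'fixed', 'vulnerable', 'end-of-life' or 'not-listed'.

    `fips` must be supplied by the caller: the version line does not say
    whether the appliance runs a FIPS/NDcPP build.
    """
    parsed = parse_version(line)
    if parsed is None:
        raise ValueError(f"unrecognised version line: {line!r}")
    major, minor, build, sub = parsed
    branch = (major, minor, "fips" if fips else "")
    verdicts = {}
    for cve, fixed_by_branch in FIRST_FIXED.items():
        if branch in END_OF_LIFE:
            verdicts[cve] = "end-of-life"
        elif branch in fixed_by_branch:
            # Tuple comparison orders by build first, then by sub-build.
            fixed = (build, sub) >= fixed_by_branch[branch]
            verdicts[cve] = "fixed" if fixed else "vulnerable"
        else:
            # The advisory gives no threshold for this branch; investigate manually.
            verdicts[cve] = "not-listed"
    return verdicts


def needs_action(inventory):
    """Return (hostname, verdicts) for every appliance not on a fixed build for both CVEs.

    `inventory` is an iterable of (hostname, version_line, is_fips) triples.
    """
    flagged = []
    for host, line, is_fips in inventory:
        verdicts = assess(line, fips=is_fips)
        if any(v != "fixed" for v in verdicts.values()):
            flagged.append((host, verdicts))
    return flagged


# Constructed sample inventory; these are not real appliances.
SAMPLE_INVENTORY = [
    ("gw-01", "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025", False),  # 5777 fixed, 6543 not
    ("gw-02", "NetScaler NS14.1: Build 47.46.nc, Date: Jun 24 2025", False),  # both fixed
    ("gw-03", "NetScaler NS13.1: Build 37.235.nc, Date: Jun 10 2025", True),  # FIPS: 5777 fixed, 6543 not
    ("gw-04", "NetScaler NS13.0: Build 92.31.nc, Date: Jan 15 2025", False),  # end-of-life branch
]

if __name__ == "__main__":
    for host, verdicts in needs_action(SAMPLE_INVENTORY):
        print(host, verdicts)
```

Run against your own inventory, feed each host's version line and FIPS flag into needs_action and treat every "vulnerable", "end-of-life" or "not-listed" verdict as a ticket: the first two mean upgrade (or migrate off the branch), the last means the branch is outside what the advisory covers and must be checked by hand.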

These vulnerabilities should be prioritized for remediation: threat actors have repeatedly exploited Citrix NetScaler flaws at scale, and the session-token theft in CVE-2025-5777 is not undone by patching alone, since tokens captured before the upgrade remain valid until the sessions are terminated. The NJCCIC advises applying security updates as soon as possible after appropriate testing; appliances on the end-of-life 12.1 and 13.0 branches must be migrated to a supported branch. Citrix's advisory additionally recommends terminating all active ICA and PCoIP sessions once every appliance in an HA pair or cluster has been upgraded (kill icaconnection -all and kill pcoipConnection -all on the NetScaler CLI), and authentication logs should be reviewed for sessions reused from unexpected source addresses. Additional information on these vulnerabilities can be found in the Kevin Beaumont post and The Hacker News article.