#VU111236 Improper access control in Citrix NetScaler ADC and Citrix NetScaler Gateway - CVE-2025-5349

 


Published: June 17, 2025


Vulnerability identifier: #VU111236
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-5349
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Citrix NetScaler ADC
Citrix NetScaler Gateway
Software vendor:
Citrix

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the NetScaler Management Interface. A remote non-authenticated attacker with access to the NSIP, Cluster Management IP or local GSLB Site IP can bypass implemented security restrictions and gain unauthorized access to the application.


Remediation

Install updates from the vendor's website.
