Citrix Issues Urgent Patches for Critical NetScaler ADC and Gateway Memory Overread Vulnerabilities

NetScaler ADC vulnerabilities CVE-2025-5777 Citrix security patches NetScaler Gateway memory overread critical VPN gateway vulnerabilities
J
James Okoro

Ethical Hacking & Threat Intelligence Editor

 
July 1, 2026
4 min read
Citrix Issues Urgent Patches for Critical NetScaler ADC and Gateway Memory Overread Vulnerabilities

TL;DR

• Critical vulnerabilities (CVSS 9.3) identified in NetScaler ADC and Gateway. • CVE-2025-5777 and CVE-2026-3055 allow for memory overreads and session hijacking. • Immediate patching is required for all NetScaler infrastructure deployments. • Administrators must invalidate all active sessions after applying the software updates.

If you’re running NetScaler infrastructure, stop what you’re doing and check your version numbers. Cloud Software Group just dropped a batch of urgent patches for NetScaler ADC, Gateway, and Console. We’re talking about a collection of vulnerabilities—some hitting a CVSS score of 9.3—that could let an attacker hijack sessions, snoop on sensitive data, or waltz right into your network.

This isn't a "patch when you get around to it" situation. These flaws touch the very core of how your appliances handle memory and authentication.

The Breakdown: What’s Broken?

The advisory covers a messy spread of bugs, but two stand out for their severity. First, there’s CVE-2025-5777, a nasty memory overread vulnerability that hits NetScaler Gateway and AAA virtual servers. Then, there’s CVE-2026-3055, an out-of-bounds read that targets systems acting as a SAML Identity Provider (IdP).

The chatter in the security community is mixed regarding active exploitation. Some reports suggest bad actors are already poking at these holes, while others haven't seen widespread campaigns yet. Regardless, with scores this high, waiting for a confirmed exploit is a losing game.

Here is the quick-and-dirty on the primary vulnerabilities:

Vulnerability CVSS Score Severity Primary Impact
CVE-2025-5777 9.3 Critical Memory overread in Gateway/AAA
CVE-2026-3055 9.3 Critical Out-of-bounds read (SAML IdP)
CVE-2025-5349 8.7 High Improper access control
CVE-2026-4368 7.7 High User session mix-up/race condition
CVE-2025-4365 6.9 Medium Arbitrary file read

Take CVE-2026-4368, for example. It’s a race condition that essentially scrambles user sessions. In a shared or multi-tenant environment, this is a nightmare—you could end up with one user accidentally stepping into another user’s session context. It’s the kind of logic error that turns a secure gateway into a sieve.

The Remediation Playbook

Patching these isn't as simple as clicking "update" and walking away. Because these flaws deal with memory management, you have to flush the system to ensure no "ghost" data remains.

First, head over to the official security updates for NetScaler to grab the specific build for your environment. You’re looking at targets like 14.1-66.59, 13.1-62.23, or 13.1-37.262 (for FIPS/NDcPP).

Once you’ve applied the update, you aren't finished. Follow these steps to ensure the fix actually sticks:

  • Kill the Sessions: After the upgrade, you must invalidate all active and persistent sessions. If you don’t, you’re leaving the door open for potentially compromised sessions to persist.
  • Clear the Pipes: On HA pairs and cluster nodes, you need to manually clear out the connection buffers. Run kill icaconnection -all and kill pcoipConnection -all to purge any lingering, potentially tainted data.
  • Lock Down the Console: Don’t just patch and forget. Review your setup against best practices for NetScaler console security to make sure your management interfaces aren't exposed to the public internet.

The CERT-EU security advisory makes it clear: these aren't just minor bugs. Because they strike at the heart of your authentication—specifically SAML IdP and AAA servers—the risk of credential theft is very real.

Hardening Your Perimeter

If you’ve been meaning to tighten up your network security, now is the time. Patching is the first step, but it’s only one part of a defense-in-depth strategy. Take a look at the NetScaler configuration guidelines and start by restricting access to your management interfaces. If it doesn't need to be reachable from the internet, it shouldn't be.

Use the official Citrix support article to verify your build requirements. Every environment is different, and missing a specific version requirement could leave you exposed.

The threat landscape is moving fast. Right now, the priority is closing these gaps before they become the next big headline in a breach report. Don't wait for a maintenance window that’s weeks away—move these updates to the top of your list. Keep an eye on the official channels, keep your logs clean, and don't assume your current configuration is "good enough" until you’ve verified it against these new patches.

Security is a constant game of cat and mouse, and right now, the mouse has a head start. Get these patches deployed and clear those session buffers.

J
James Okoro

Ethical Hacking & Threat Intelligence Editor

 

James Okoro is a certified ethical hacker (CEH) and cybersecurity journalist with a background in military intelligence. After serving as a cyber operations analyst, he transitioned into the private sector, working as a threat intelligence consultant before finding his voice as a writer. James has covered major data breaches, ransomware campaigns, and state-sponsored cyberattacks for several leading security publications. He brings a tactical, insider perspective to his reporting on the ever-evolving threat landscape.

Related News

Private Internet Access Updates WireGuard and OpenVPN Protocol Implementations to Strengthen Remote Access Security
WireGuard and OpenVPN protocol security updates

Private Internet Access Updates WireGuard and OpenVPN Protocol Implementations to Strengthen Remote Access Security

Private Internet Access upgrades WireGuard and OpenVPN protocols to boost remote access security, performance, and encryption stability. Learn how it impacts you.

By Viktor Sokolov July 10, 2026 4 min read
common.read_full_article
Critical CitrixBleed Vulnerability Under Active Exploitation Prompts Urgent Security Patch for NetScaler Gateways
CitrixBleed

Critical CitrixBleed Vulnerability Under Active Exploitation Prompts Urgent Security Patch for NetScaler Gateways

Critical vulnerability CVE-2023-4966 is under active exploitation. Patch your NetScaler ADC and Gateway appliances immediately to prevent session hijacking.

By Marcus Chen July 9, 2026 4 min read
common.read_full_article
WatchGuard Issues Third Critical IKEv2 Patch in Ten Months as Legacy Firebox Devices Remain Exposed
CVE-2026-13368

WatchGuard Issues Third Critical IKEv2 Patch in Ten Months as Legacy Firebox Devices Remain Exposed

WatchGuard issues third critical IKEv2 patch in ten months. Learn how CVE-2026-13368 affects your Firebox appliances and the risks to legacy hardware.

By Elena Voss July 8, 2026 4 min read
common.read_full_article
Dropbox Security Breach Prompts Enterprise Review of Encryption Protocols and Remote Access Alternatives for 2026
Dropbox security breach

Dropbox Security Breach Prompts Enterprise Review of Encryption Protocols and Remote Access Alternatives for 2026

Following the Dropbox security breach, enterprises are urgently reviewing encryption protocols and remote access alternatives. Learn the impact and 2026 security trends.

By James Okoro July 7, 2026 4 min read
common.read_full_article