Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Active Exploitation of Critical Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway

30 June 2025

Citrix has released security updates addressing multiple critical vulnerabilities in their NetScaler ADC and NetScaler Gateway. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Citrix has released security updates addressing multiple critical vulnerabilities (CVE-2025-5777 and CVE-2025-6543) in their NetScaler ADC and NetScaler Gateway. 

Impact

The vulnerabilities are:

  • CVE-2025-5777: Successful exploitation of this vulnerability could allow an attacker to bypass authentication, including Multi-Factor Authentication (MFA), by stealing the exposed session token.

  • CVE-2025-6543: Successful exploitation of this memory overflow vulnerability could allow an attacker to conduct denial-of-service (DoS) attacks.

Known Exploitation

Both vulnerabilities are reportedly being actively exploited.

Affected Products

The critical vulnerabilities affect the following product versions:

  • NetScaler ADC and NetScaler Gateway versions before 14.1 to 43.56

  • NetScaler ADC and NetScaler Gateway versions before 13.1 to 58.32

  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP versions before 13.1 to 37.235

  • NetScaler ADC 12.1-FIPS versions before 12.1 to 55.328

Mitigation Measures

Users and administrators of affected products are advised to update to the latest versions immediately.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5777

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420

https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/

https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/

Back to top