- 136/2025
- Critical
Citrix has released security updates to address multiple vulnerabilities affecting Citrix Secure Access Client for Windows, Citrix Workspace app for Windows, NetScaler ADC, and NetScaler Gateway.
The addressed vulnerabilities could allow the attacker to bypass access controls, obtain sensitive information, or gain elevated privileges on the affected product.
Sample of the addressed vulnerabilities:
1. NetScaler Insufficient Input Validation Vulnerability (CVE-2025-5777):
- CVSS: 9.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Citrix Secure Access Client Improper Privilege Management Vulnerability (CVE-2025-0320):
- CVSS: 8.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2025-0320
- CVE-2025-4879
- CVE-2025-5349
- CVE-2025-5777
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.