
Critical Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Products 

Published: Jun 23, 2025

Updated: Aug 19, 2025

Who can use this content?

Businesses and Organizations | Critical Infrastructure | Government | SME Owners

Alert Status: Critical

On 19 June 2024, Citrix released a security bulletin detailing multiple vulnerabilities in NetScaler ADC and Gateway products.

The Department of Information and Communications Technology (DICT) through the National Cyber Security Center (NCSC) issues this alert to all PNG Government departments, agencies, and organizations about critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products. 

Background

These vulnerabilities, if exploited, could allow attackers to bypass authentication mechanisms or execute arbitrary code, potentially compromising affected systems. 

The identified vulnerabilities are: 
– CVE-2024-6235 – Sensitive information disclosure 
– CVE-2024-6236 – Authentication bypass using a brute-force technique 
– CVE-2024-6237 – Remote code execution (RCE) 

Affected Products and Versions:

These vulnerabilities affect the following Citrix products when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server: 
– NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15 
– NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21 

 

Mitigation

To safeguard your organization’s systems and data, DICT and NCSC strongly recommend taking the following actions: 

    1. Identify Affected Systems: Audit all systems to identify any use of Citrix NetScaler ADC or NetScaler Gateway products. 

    2. Apply Patches: Upgrade to the following fixed versions: 
      – NetScaler ADC and Gateway 13.1-51.15 or later 
      – NetScaler ADC and Gateway 13.0-92.21 or later  

    3. Monitor for Exploits: Review logs and monitor systems for unusual activity.  

Older versions, including those that have reached End-of-Life (EOL), may be especially vulnerable and should be upgraded immediately. Running outdated software significantly increases exposure to cyber threats. 
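The audit and patch steps above can be supported by a version check over an appliance inventory. The following is an added example, not part of the NCSC or Citrix advisory: it compares each recorded version against the fixed builds listed in this alert. The inventory format ("hostname, version text"), the hostnames and the banner style "NS13.1: Build 49.15.nc" are assumptions; the check covers version only, not whether the appliance is configured as a Gateway or AAA virtual server.

```python
import re

# Fixed builds per release branch, taken from this alert.
FIXED = {(13, 1): (51, 15), (13, 0): (92, 21)}
OLDEST_LISTED = min(FIXED)  # oldest branch the alert names: (13, 0)

# Accepts the alert's notation ("13.1-51.15") and an assumed
# CLI banner style ("NS13.1: Build 51.15.nc").
VERSION_RE = re.compile(
    r"(?:NS)?(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE)

def classify(version_text):
    """Return patched / vulnerable / older-branch / not-listed / unparsed."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"  # review manually rather than assume it is safe
    major, minor, b1, b2 = map(int, m.groups())
    branch, build = (major, minor), (b1, b2)
    if branch in FIXED:
        # Integer tuples: 51.9 sorts before 51.15, which a string compare gets wrong.
        return "patched" if build >= FIXED[branch] else "vulnerable"
    if branch < OLDEST_LISTED:
        return "older-branch"  # the alert says older versions should be upgraded
    return "not-listed"  # branch not named in this alert; check the vendor advisory

def audit(inventory_lines):
    """Map hostname -> classification for 'hostname, version text' lines."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        results[host.strip()] = classify(version_text)
    return results

# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """\
# hostname, version text
gw-example-01, NetScaler NS13.1: Build 49.15.nc, Date: Jan 1 2024
gw-example-02, 13.1-51.15
adc-example-03, 13.0-92.9
adc-example-04, 12.1-65.25
adc-example-05, version unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY.splitlines()).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparsed" or "not-listed" need manual review against the vendor advisory rather than being treated as unaffected.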

For more detailed information and specific instructions regarding the vulnerabilities and updates, we encourage you to refer to the official Citrix Advisory through the following link: Citrix Security Advisory

Prompt action is crucial in addressing these critical vulnerabilities to ensure the security and stability of your organization’s systems and data. By remaining vigilant and keeping your infrastructure up-to-date, you can effectively safeguard against potential cyber threats. The NCSC and the Department of ICT are dedicated to promoting a secure digital environment, and we encourage all stakeholders to adhere to the recommended actions for enhanced cybersecurity resilience. 

For any further assistance or inquiries, please reach out to the National Cyber Security Center (NCSC). Together, let us prioritize cybersecurity and protect Papua New Guinea’s digital landscape.