Citrix Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in Citrix products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-4879

 

Citrix Workspace app for Windows versions: less than 2409
Citrix Workspace app for Windows versions: 2402 LTSR CU2 Hotfix 1 and earlier
Citrix Workspace app for Windows versions: less than 2402 LTSR CU3 Hotfix 1

 

CVE-2025-6543

 

NetScaler ADC and NetScaler Gateway 14.1 version: less than 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 Version: 13.1-59.19 and earlier
NetScaler ADC 13.1 – FIPS Version: less than 13.1-37.236
NetScaler ADC 13.1-NDcPP Version: less than 13.1-37.236

 

CVE-2025-5777

 

NetScaler ADC and NetScaler Gateway 14.1 Version: less than 14.1-43.56
NetScaler ADC and NetScaler Gateway 13.1 Version: Before 13.1-58.32
NetScaler ADC 13.1 – FIPS Version: less than 13.1-37.235
NetScaler ADC 13.1-NDcPP Version: less than 13.1-37.235
NetScaler ADC 12.1 – FIPS version: less than 12.1 – 55.328

 

CVE-2025-0320

 

Citrix Secure Access Client for Windows Version: less than 25.5.1.15

 

 

Resolved Vulnerabilities

 

Privilege escalation vulnerability in Citrix Workspace app for Windows (CVE-2025-4879)
Memory overflow vulnerability in NetScaler ADC and NetScaler Gateway and NetScaler ADC 13.1-FIPS and NDcPP (CVE-2025-6543)
Out-of-bounds memory read vulnerability due to lack of input validation in NetScaler ADC and NetScaler Gateway (CVE-2025-5777)
Privilege escalation vulnerability in Citrix Secure Access Client for Windows (CVE-2025-0320)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-4879

 

Citrix Workspace app for Windows versions: 2409 and later
Citrix Workspace app for Windows versions: 2402 LTSR CU2 Hotfix 1 or later
Citrix Workspace app for Windows versions: 2402 LTSR CU3 Hotfix 1 and later

 

CVE-2025-6543

 

NetScaler ADC and NetScaler Gateway 14.1 Version: 14.1-47.46 and later
NetScaler ADC and NetScaler Gateway 13.1 Versions: 13.1-59.19 and later
NetScaler ADC 13.1-FIPS Version: 13.1-37.236 and later
NetScaler ADC 13.1-NDcPP Version: 13.1-37.236 and later

 

CVE-2025-5777

 

NetScaler ADC and NetScaler Gateway 14.1 Version: 14.1-43.56 and later
NetScaler ADC and NetScaler Gateway 13.1 Version: 13.1-58.32 and later
NetScaler ADC 13.1-FIPS Version: 13.1-37.235 and later
NetScaler ADC 13.1-NDcPP Version: 13.1-37.235 and later
NetScaler ADC 12.1 – FIPS version: 12.1-55.328 or later

 

CVE-2025-0320

 

Citrix Secure Access Client for Windows Version: 25.5.1.15 and later

 

 

References

 

[1] Citrix Workspace app for Windows Security Bulletin CVE-2025-4879
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718
[2] NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
[3] NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
[4] Citrix Secure Access Client for Windows Security Bulletin for CVE-2025-0320
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724