Citrix Archive – Deyda.net

Checklist for NetScaler (Citrix ADC) CVE-2025-5777 & CVE-2025-6543

On June 17, 2025, Citrix published a security advisory for CVE-2025-5777, followed by CVE-2025-6543 on June 25, 2025. Both are classified as critical and are actively being exploited in the wild.

Threat Overview

CVE-2025-5777: Critical vulnerability due to improper input validation → leads to memory overread
CVE-2025-6543: Enables memory overflow, potentially resulting in DoS or arbitrary code execution → Exploits available !

⚠️ Important: Simply applying the firmware update is not enough. You must manually terminate all active ICA and PCoIP sessions after patching to ensure the vulnerability is fully mitigated.

Install new Microsoft Teams (version 2) in Citrix

The New Teams version (sometimes also called Teams 2.0) will become the new standard for Microsoft’s communication platform from July 1, 2024. On October 1, 2024, the Classical Teams client in the VDI context will reach its end of support and, according to the latest news, its end of availability date on July 1, 2025. These end dates have been adjusted several times in recent weeks.

Checklist for NetScaler (Citrix ADC) CVE-2023-4966

Citrix issued an alert (10/10/2023) about a critical vulnerability (CVE-2023-4966) in all NetScaler (Citrix ADC) & Gateway systems. Several working exploits have been published.

Please note that simply updating the systems is not enough. The connection tokens must also be reset.

Important ! There are no patches for NetScaler (Citrix ADC) version 12.1 or older. These systems have reached their EOL and will therefore no longer be equipped with the necessary fix. In this case please update to the latest 13.0, 13.1 or 14.1 version.

The vulnerability allows anonymous remote code execution and thus unauthenticated attackers to take over various machines with root privileges.

SAML Authentication between Citrix & Microsoft with Azure MFA

Update to the latest cloud navigation.

As a result of increasing projects, here is a little how-to with the summary of my previous articles. The main points are:

Azure AD Seamless Single Sign-On (PTA / PHS)
SAML Authentication (Azure AD as IdP & Citrix Gateway as SP)
Citrix Federated Authentication Service (FAS)
Microsoft Azure Multi-Factor-Authentication with Conditional Access

Requirements

Fully working Citrix Virtual Apps and Desktop Environment (StoreFront & DDC Minimum Version 7.9)
NetScaler with successful base configuration & activated Enterprise or Platinum license (Minimum Version 12.1 Build 50+ for native workspace app, for browser Minimum Version 11.1)
Configured Unified Gateway vServer
Internal and external DNS entries for Unified Gateway vServer (e.g. citrix.deyda.net)
Certificates for DNS entries (wildcard certificates are the easiest)
Existing Azure Tenant with Azure-AD base configuration (Domain, AAD Sync) & activated Azure AD Premium license
AD Connect version installed and configured (Minimum Version 1.1.644.0)
Firewall release for *.msappproxy.net on port 443
Domain administrator credentials for the domains that connected to Azure AD via AD Connect
Installed Authenticator App on Test User Mobile Phone

Checklist for NetScaler (Citrix ADC) CVE-2023-3519

Citrix issued an alert yesterday (07/18/2023) about a critical vulnerability (CVE-2023-3519) in all NetScaler (Citrix ADC) & Gateway systems. To date, no working exploits have been published.

Important ! There are no patches for NetScaler (Citrix ADC) version 12.1 or older. These systems have reached their EOL and will therefore no longer be equipped with the necessary fix. In this case please update to the latest 13.0 or 13.1 version.

The vulnerability allows anonymous remote code execution and thus unauthenticated attackers to take over various machines with root privileges.

As we hear from the Citrix community, more and more attacked systems are being found. The first exploits have also been available for purchase on the dark web for some time.