Security News > 2020 > January > PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets.
Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller and Citrix Gateway are vulnerable to a critical path traversal flaw that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers.
Citrix confirmed that the flaw affects all supported version of the software, including:Citrix ADC and Citrix Gateway version 13.0 all supported builds.
Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds.
According to Shodan, at the time of writing, there are over 125,400 Citrix ADC or Gateway servers publicly accessible and can be exploited overnight if not taken offline or protected using available mitigation.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/I8Tx34-GV64/citrix-adc-gateway-exploit.html
Related news
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)