Security News > 2023 > October > Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public
Citrix has urged admins to "Immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.
Plus, there's a proof-of-concept exploit, dubbed Citrix Bleed, now on GitHub.
Six days after the Google-owned threat intel firm sounded the alarm, Citrix weighed in.
Oddly, Citrix didn't release any additional details about these targeted attacks, which Mandiant last week said were used to hit tech firms, government organizations, and professional services companies.
A Citrix spokesperson declined to comment on how many organizations have been compromised, and who or what the criminals are targeting in the attacks.
"The security bulletin and blog are the extent of our external statements at this time," the Citrix spokesperson told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/24/citrix_critical_patch/
Related news
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |