Citrix Announces New Vulnerability in Citrix ADC & Citrix Gateway

by Daniel Ruiz
Practice Lead, Citrix Technologies

Citrix announced a new vulnerability discovered in Citrix ADC and Citrix Gateway that could result in an attacker creating a specially crafted URL redirecting to a malicious website.

This vulnerability has the following identifier:



Affected versions of Citrix ADC and Citrix Gateway:

Appliance must be configured as a VPN (Gateway) or AAA virtual server.

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15
  • Citrix ADC 12.1-FIPS before 12.1-55.282
  • Citrix ADC 12.1-NDcPP before 12.1-55.282


Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible.

  • Citrix ADC and Citrix Gateway 13.1-24.38 and later releases
  • Citrix ADC and Citrix Gateway 13.0-86.17 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-65.15 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.282 and later releases of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.282 and later releases of 12.1-NDcPP

If you would like more information or assistance from our industry leading team of Citrix experts to plan and execute the upgrade, please contact us at