# citrix-netscaler
  • r

    Richard Faulkner

    08/26/2025, 7:08 PM
    And for those who didn't catch it, Citrix has shown there are compromised appliances already for this one. Please upgrade your firmware ASAP. My customer took an outage in the middle of the day because of the severity.
  • s

    Sarah Vogt

    08/26/2025, 8:45 PM
    @nsvegman, I don't understand all your 🧵 to the above posts. It's customary to start a new thread when it's a new person or a change in topic/thought. Otherwise good information gets lost 50 comments deep.
  • s

    Slackbot

    08/26/2025, 8:46 PM
    This message was deleted.
  • j

    Jason Symczak

    08/26/2025, 11:16 PM
    Anyone have issues with the new patch (14.1), just patched our test vpx and apps do not launch externally via the GW URL, fine internally
  • c

    c4rm0

    08/27/2025, 5:44 AM
    We got any IOC scripts yet to check to see if compromised? https://www.theregister.com/2025/08/26/citrix_patches_trio_of_netscaler/
  • a

    Arthur

    08/27/2025, 9:26 AM
    Does anyone else experience this issue? After an update and restart, I get the message: “Running in grace. SYSTEM WILL LOSE CAPACITY AFTER 720 Hours.” I’m using Pooled licensing mode. The message disappears after about 10 minutes, but it’s not nice to see it. It happened with the previous build as well. It seems like a bug in the software, and the NetScaler Team should implement license check differently to prevent such situations.
  • j

    Jay Moock

    08/27/2025, 11:50 AM
    Is anyone else with Palo Alto firewalls seeing false positives for threat ID 96434 following yesterday’s content update version 9016?
  • j

    Jeff Riechers

    08/27/2025, 12:26 PM
    Has anyone else seen sessions showing under NetScaler Gateway-->DTLS ICA Connection? All my udp sessions show under ICA Connections. And nsconmsg doesn't show any dtls. Seeing this with the old dtls 1.0 method, and with the new dedicated dtls 1.2 dtls vserver.
  • m

    Mark Wolfe

    08/27/2025, 2:42 PM
    I was poking around our NetScalers yesterday looking for potential IOCs and noticed some Python scripts being scped to the boxes, run, and then deleted. Initially concerned, but upon further investigation it appears to be part of the CVE monitoring and file integrity checking that occurs with the NetScaler agent and Console services. Likely old news to most of you, but it was new to me.
  • f

    Frank Vandebergh

    08/28/2025, 12:41 PM
    I am wondering: We have nowadays the "WAF for Gateway" feature which should protect Gateway and AAA based on API Spec kind of definition files under the hood. But yet with these CVEs from past months and this week, it is affecting Gateway / AAA with these memory read vulnerabilities.
    • Why is this not blocked by the WAF for Gateway/AAA feature?
    • Why is Citrix not able to more quickly distribute newer definitions to update this WAF as a first mitigation?
    It seems all these CVEs related to the Gateway/AAA endpoints on NetScaler are never fixed to the bone.
  • d

    Daniel Marsh

    08/28/2025, 9:51 PM
    *"Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025"* This is a worrying read. Interesting stat re reduced NetScaler use over the last few years. https://doublepulsar.com/citrix-forgot-to-tell-you-cve-2025-6543-has-been-used-as-a-zero-day-since-may-2025-d76574e2dd2c
  • d

    Dave Brown

    08/29/2025, 8:27 AM
    We upgraded on Wednesday to Netscaler 13.1 59.22 and it looks like we're having issues with frozen sessions. This happens across different VDA versions 2507 / 2503 / 2403. You have to disconnect and reconnect to get the session active again and it quite often presents the following error in the session. Has anyone else witnessed this?
  • a

    Arthur

    08/31/2025, 11:23 AM
    On which accounts is the HTTPD service on NetScaler actually working? You can check it with the command: ps aux | grep httpd
  • r

    Ryan Gallier

    09/02/2025, 4:26 PM
    When you add new Flexed licenses, that are identical to existing, soon to be expiring flexed licenses, can you just apply the new licenses in NetScaler console and be done? Having trouble finding documentation to confirm this.
  • j

    Jon Bucud

    09/03/2025, 4:45 PM
    https://gbhackers.com/hackers-use-hexstrike-ai-to-exploit-zero-day-flaws/
  • a

    Arthur

    09/04/2025, 11:59 AM
    The latest Citrix NetScaler Console build 14.1-47.46, released in June, introduced an issue with sending emails (e.g., for the File Integration feature). Could anyone confirm if they are experiencing the same problem with this build?
  • j

    Jeff Riechers

    09/08/2025, 1:49 PM
    New NetScaler firmware across the board. Not security it looks like. Hopefully it will fix ADM logging issues.
  • r

    Richard Faulkner

    09/08/2025, 8:25 PM
    Fun facts
    1. If you remove a secondary node from an Azure HA Pair, the Azure Load Balancer will stop working because the remaining NetScaler will stop responding to the monitor on port 9000
    2. Today's firmware fixes a known bug on the Azure virtual appliances where they would randomly stop responding to SSH or TCP connections following a reboot or upgrade. This was due to changes Microsoft made on the backend Azure resources.
    Don't ask me how I know these fun facts! 😜
  • s

    Srinivasan Shanmugam

    09/09/2025, 4:57 AM
    We migrated one SDX appliance to new datacenter, after migrating XenServer and SVM IP came back but SVM IP is not responding on port 80 & 443. SVM IP responds on port 22 but nsroot/nsrecover credentials are not working. VPX’es are operational though. Anyone seen this?
  • e

    Eirik Vesterhus / Intility AS

    09/09/2025, 7:48 AM
    Very interesting. https://docs.netscaler.com/en-us/citrix-adc/current-release/networking/mgmt-and-data-plane-separation
  • a

    Arthur

    09/09/2025, 8:38 AM
    New best practice! Disabling SSL renegotiation has been officially included in the NetScaler Secure Deployment Guide 🎉. Make sure to review your current configuration and update any existing settings accordingly. 😉 https://docs.netscaler.com/en-us/netscaler-adc-secure-deployment/administration-and-management/legacy-configuration#configure-netscaler-to-disable-ssl-renegotiation
  • s

    Steve Noel

    09/09/2025, 1:36 PM
    So with this new License initiative, customers that have Netscalers won't have a choice, they need to add Netscaler Console (if they don't have one already) to their environment to license their netscalers?
  • j

    Jeff Riechers

    09/09/2025, 1:46 PM
    Are SDXes affected with the latest XenServer CVE?
  • a

    Arthur

    09/10/2025, 6:15 AM
    Citrix NetScaler Console 14.1-51.75 – does the Upload button for the GeoIP DB update work for you?
  • j

    Julian Jakob

    09/11/2025, 1:13 PM
    Anyone else noticed a higher RAM usage (fixed, which is not going down anymore) with 14.1 47.48? This is an MPX and the yellow line is RAM. Normally during evening / night, when there are no users anymore, RAM was going down. Now, it's not and going up? Thank you
  • a

    Arthur

    09/15/2025, 11:45 AM
    Is anyone using Security Advisor for NetScaler Console On-Premises? I’m asking because it seems there’s a bug with reporting CVE-2021-22956 after scanning.
  • a

    Arthur

    09/16/2025, 7:13 AM
    Citrix NetScaler Console (OnPrem) - why is it showing version 14.1-58.30 in NetScaler Telemetry? 🫣
  • a

    Alexander Faller

    09/16/2025, 7:14 AM
    Hi everyone, we are facing the following issue on Chromebooks: When using SAML authentication between Citrix and Microsoft with Azure MFA, after the StoreFront session timeout, the user is automatically logged off from StoreFront and receives a message asking to close the browser. However, this is not possible because the Chrome process always remains running in the background. As a result, the user gets the following error (or “You cannot log on using a smartcard”), and the only workaround is to reboot the Chromebook. The user is not able to log in again until the Chromebook is rebooted. Has anyone found a solution for this? Would adding a logout URL to the Enterprise SSO app in Azure help? https://[Gateway]/cgi/logout We also came across some possible workarounds by modifying the StoreFront configuration file, but Citrix does not recommend this approach. Thanks
  • c

    c4rm0

    09/18/2025, 9:28 AM
    So I have a customer who has a 2-arm configuration (DMZ/Internal) but doesn't have an internal-facing firewall, but now wants to place an internal firewall between the NetScalers and backend servers. A new zone/subnet will be created, which will mean all existing internal load balancing VIPs would need to be re-IP'ed in the new subnet/zone. I have created the plan below. Thoughts? Anything I have missed? Any better ways?
  • s

    Srinivasan Shanmugam

    09/18/2025, 4:39 PM
    We are planning to enable RDP connections through NetScaler Gateway and use CyberArk as proxy. rdp://rdpproxy.company.com?alternate shellsPSM /a server.company.com /c PSM-RDP rdpproxy.company.com - CyberArk PSM and the alternate shell is from existing RDP file published as ICA application. We are getting the following error when clicking on the bookmark.