CVE-2023-3519

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked · RCE

Published: 19 July 2023

Modified: 24 October 2025
KEV Added: 19 July 2023
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9348 (99.8th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-3519 is a critical-severity Code Injection (CWE-94) vulnerability in Citrix NetScaler Application Delivery Controller. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2023-3519 is an unauthenticated remote code execution vulnerability (CWE-94) affecting Citrix ADC and Citrix Gateway appliances. It carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, and no requirements for authentication or user interaction, with high impact on confidentiality, integrity, and availability.

An unauthenticated attacker with network access can send specially crafted requests that trigger arbitrary code execution on the target appliance, enabling full compromise of the affected system including potential takeover of VPN sessions, authentication flows, or connected infrastructure.

Citrix security bulletin CTX561482 addresses the issue with patches and configuration guidance for supported ADC and Gateway versions; the bulletin is referenced by both vendor and CISA entries. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.

Public exploit code is available on Packet Storm, and the vulnerability maintains a very high EPSS score (current 0.9348, peak 0.9659), indicating sustained exploitation interest after disclosure.

Vulnerability details

Unauthenticated remote code execution

CWE(s)
KEV Date Added: 19 July 2023

Related Threats

Threat-Actor Attribution · AI

UNC4841
Mandiant (Google Cloud) publicly attributed mass exploitation of CVE-2023-3519 in Citrix appliances to UNC4841 espionage operations.

Affected Assets

citrix · netscaler application delivery controller
12.1 — 12.1-55.297 · 12.1 — 12.1-55.297 · 13.0 — 13.0-91.13

citrix · netscaler gateway
13.0 — 13.0-91.13 · 13.1 — 13.1-49.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly enforces access control decisions to block unauthenticated network requests that trigger the RCE.

prevent: Restricts network exposure of the vulnerable Citrix ADC/Gateway interfaces to untrusted remote attackers.

prevent: Requires timely application of vendor patches that eliminate the unauthenticated code-execution flaw.

References