
Critical exploits found in Adobe ColdFusion and Citrix NetScaler


Organisations worldwide face a new wave of cyber threats as hackers actively exploit critical vulnerabilities in Adobe ColdFusion and Citrix NetScaler products.

These vulnerabilities allow for remote code execution, enabling threat actors to access sensitive information and execute malicious activities without authentication.

One of the first major vulnerabilities was observed in the Citrix NetScaler products. The CVE-2023-3519 vulnerability was discovered in NetScaler ADC and NetScaler Gateway products. This flaw carries a severity rating of 9.8 out of 10, as reported by Ars Technica.

This high severity rating makes the vulnerability highly dangerous, allowing hackers to execute code remotely without any authentication requirements. Researchers from Rapid7 issued a warning that the exploitation would escalate rapidly.

Similarly concerning is the situation with Adobe ColdFusion, where hackers have been exploiting two vulnerabilities: CVE-2023-38203, rated 9.8, and CVE-2023-29298. Adobe partially patched the latter on July 11. However, Rapid7 reported that the patch was incomplete, allowing hackers to bypass it with slight adjustments to an already-released proof-of-concept exploit.

Adobe has since acknowledged the issue and is working on a complete fix.

Organisations using Adobe ColdFusion and Citrix NetScaler products must remain vigilant until the vulnerabilities are patched properly.

Another security firm, Project Discovery, disclosed another vulnerability mistakenly identified as patched by Adobe. This mislabeled vulnerability, potentially CVE-2023-38203, remained unpatched until two days after the disclosure post was removed, leading to further exploitation. Currently, both the improperly patched and the mistakenly disclosed vulnerabilities are still being exploited on vulnerable servers.

The exploited vulnerabilities have reportedly been used to install web shells, providing hackers with browser-like windows to issue commands and execute code on compromised servers remotely. However, neither Rapid7 nor Qualys, another security firm, has disclosed specific details about the attackers or their motives.

Security analysts are urging organisations to take immediate action in patching their Citrix NetScaler and Adobe ColdFusion installations to prevent further damage. Failure to do so could result in consequences similar to recent exploitations of critical vulnerabilities in other enterprise applications, such as the MOVEit file transfer software and GoAnywhere, which led to breaches in hundreds of organisations, including government agencies.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.