Open Nav
Sign Up

Urgent Alert: Critical Vulnerabilities in Citrix, VMware, and Atlassian Products

Bar Refael

January 17, 2024

Citrix, VMware, and Atlassian have reported critical security vulnerabilities in several of their products, some of which are currently being exploited in the wild. This advisory is issued to inform and guide our clients on these vulnerabilities and the essential steps required for mitigation. It highlights the urgent need to apply patches and review security measures, aiming to provide a clear understanding of the associated risks and the necessary actions for effective mitigation. Our focus is to ensure our clients are well-informed and prepared to address these vulnerabilities promptly.

Citrix NetScaler ADC and Gateway Vulnerabilities:

  • CVE-2023-6548 (CVSS: 5.5): Permits low-privileged remote code execution.
  • CVE-2023-6549 (CVSS: 8.2): Leads to denial-of-service under certain configurations.
  • Affected Versions: NetScaler ADC and Gateway versions 14.1, 13.1, 13.0, and 12.1 (including FIPS and NDcPP).

Mitigation: Upgrade to the patched versions and avoid exposing management interfaces to the internet.

VMware Aria Automation Flaw:

  • CVE-2023-34063 (CVSS: 9.9): A critical missing access control flaw.
  • Affected Versions: VMware Aria Automation (8.11.x to 8.14.x) and VMware Cloud Foundation (4.x and 5.x).

Mitigation: Directly upgrade to VMware version 8.16 post-patch application.

Atlassian Confluence RCE Bug:

  • CVE-2023-22527 (CVSS: 10.0): Template injection vulnerability causing remote code execution.
  • Affected Versions: Confluence Data Center and Server versions 8.0.x to 8.5.3 (Note: 7.19.x LTS versions are not impacted).

Mitigation: Update to the latest patched versions immediately.

Impact Assessment and Risk Analysis:

Each vulnerability presents unique risks that could lead to unauthorized access, data breaches, or service disruptions. Immediate patch application is critical.

OP Innovate’s Advisory:

  • Immediate Action: Apply all relevant patches without delay.
  • Review Security Posture: Regularly assess your organization’s security measures.
  • Stay Informed: OP Innovate will continue to provide updates on these and other cybersecurity threats.

FAQ Section:

Q1: Are these vulnerabilities currently being exploited?

  • A: Yes, some of these vulnerabilities, especially in Citrix products, are actively being exploited.

Q2: What if my organization cannot immediately apply these patches?

  • A: Implement temporary mitigations if possible, like restricting access to the management interfaces for Citrix products and limiting user privileges in VMware and Atlassian environments.

Q3: How do I know if my system is compromised?

  • A: Look for indicators of compromise such as unusual system or network activity and unauthorized administrative actions.

Conclusion and Call-to-Action:

The discovery of these vulnerabilities underscores the urgent need for vigilant cybersecurity practices. We urge all affected users to apply the recommended patches and review their security protocols. OP Innovate is dedicated to assisting our clients in navigating these challenges and ensuring the integrity of their digital assets.

Stay Safe and Secure,
OP Innovate Cybersecurity Team

Resources highlights

CISA: Attackers Exploiting SysAid Vulnerabilities (CVE-2025-2775, CVE-2025-2776)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two SysAid On-Prem vulnerabilities, CVE-2025-2775 and CVE-2025-2776, to its Known Exploited Vulnerabilities (KEV) catalog, confirming…

Read more >

CVE-2025-2775, CVE-2025-2776

Critical Zero-Day in CrushFTP Exploited in the Wild (CVE-2025-54309)

A critical zero-day vulnerability in CrushFTP, CVE-2025-54309, is being actively exploited by threat actors to gain unauthenticated administrative access to vulnerable servers via HTTPS. The…

Read more >

CVE-2025-54309

Critical Zero-Day in Microsoft SharePoint Actively Exploited (CVE-2025-53770)

A newly discovered zero-day vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770, is currently being exploited in active attacks against on-premises environments. The flaw, rated…

Read more >

CVE-2025-53770

Over 600 Laravel Applications Vulnerable to Remote Code Execution via Leaked APP_KEYs (CVE-2018-15133, CVE-2024-55556)

Security researchers have uncovered a major RCE threat affecting over 600 Laravel applications, triggered by leaked APP_KEYs found on public GitHub repositories. Laravel's APP_KEY, typically…

Read more >

CVE-2018-15133, CVE-2024-55556

CVE-2025-3648: “Count(er) Strike” Vulnerability in ServiceNow

CVE-2025-3648, dubbed “Count(er) Strike”, is a high-severity vulnerability (CVSS 8.2) in ServiceNow's Now Platform, discovered by Varonis Threat Labs. The flaw allows both authenticated and…

Read more >

CVE-2025-3648

What to Look for in a Pentesting Platform (Beyond Just Scans)

Penetration testing platforms are a great way to centralize vulnerability discovery and triage. However, when evaluating penetration testing platforms, many organizations make the mistake of…

Read more >

pentesting platform
Under Cyber Attack?

Fill out the form and we will contact you immediately.