Between June 17 and June 27, 2025, RAM-IT executed emergency and planned firmware upgrades on all NetScaler ADC and Gateway appliances in response to three critical Citrix CVEs:

CVE-2025-5349 & CVE-2025-5777 (published June 17)

CVE-2025-6543 (published June 25)

Initiated firmware upgrades from builds 13.0-92.21 to 13.1-58.32, and subsequently to the  latest

Performed full backup, health checks, and applied upgrades with rollback options in place.

Encountered one critical issue where an upgrade stalled on “Extracting python...” on a secondary node; resolved with vendor support (Citrix SR#101637951).

All NetScalers were updated successfully after RCA and planning with Citrix.

Executed recommended post-upgrade commands:

    kill icaconnection -all

    kill pcoipConnection -all

Verified log files post-upgrade. No unauthorized accounts or anomalies detected.

All work completed under change control tickets 

Lessons Learned:

Ensure real-time CPU usage is monitored during upgrades to avoid hangs.

Plan fallback and validation steps with Citrix during CVE-driven upgrades.

Maintain direct vendor escalation paths for quick turnaround in case of firmware instability.