NetScaler Times newsletter for Week 31 - 2025
This Week: Quantum-Readiness & More Fresh WAF Signatures
Hello Everyone,
It's Steven with another edition of the NetScaler Times, your weekly update to keep you up-to-date on all things NetScaler-related! Keeping the momentum going, I've gathered this week's roundup of events, firmware releases, support articles, and anything else I think is relevant - all in one convenient email!
1. Leading the quantum-ready transition
Abhilash Verma covers why the quantum threat to encryption is no longer theoretical and how attackers are already harvesting encrypted data today for future decryption. Learn about the "Harvest Now, Decrypt Later" attacks that put decades of sensitive communications at risk, and discover how NetScaler became the first application delivery platform to offer NIST-aligned post-quantum cryptography, giving organizations the tools they need to protect their data before quantum computers arrive.
And for those looking for a deep dive into how quantum computers will break encryption, check out my three-part technical series exploring why organizations can't wait to implement quantum-resistant systems, which encryption methods face the greatest threat, and how Shor's algorithm actually works to crack the codes we rely on today.
2. The latest firmware builds
Below are the details for the various builds, which can help you plan for new releases in your environment. This support document provides additional information on the various release cycles.
NetScaler has multiple form factors to support different environments. It is built on a single operating system with a software-based architecture, so its behaviour will be the same regardless of whether it is used as hardware, a virtual machine, bare metal, or a container. Select one that works for your environment and needs.
Latest Build Versions:
Here is a timeline for the 14.1 and 13.1 builds to show where they are within their respective release lifecycle.
Here are all the firmware builds in a table:
Notes about Builds:
Which release should I use?
The release families are designed so that 14.1 has more elements changing with each update, hence the feature phase designation. Because 13.1 is in its maintenance phase, it will have fewer changes now.
One reason to move to 14.1 might be that you want to take advantage of removing the dependency on ALB in Azure for your NetScaler HA deployment. Read more here. This could save some $$$ (insert local currency).
Also, a recent customer request included plans to build a new Azure infrastructure. This was not expected to be a short-term deployment. Looking at the build cycles above, it would make sense to start looking at 14.1 for this. This would avoid re-architecting the solution next year when 13.1 moves to CVE-only support.
What about NetScaler SDX?
There are multiple NetScaler designations. VPX, MPX, SDX, BLX, and CPX all use the same firmware. The table above applies to all NetScaler types. It might not be the same download file, as appliances like the SDX do have other elements to update.
End Of Sale Appliances & End of Life Appliances
When purchasing replacements for EoS and EoL appliances, refer to the hardware replacements below. Your UHMC/CPL entitlement can be applied to the new hardware.
EoS Appliances
These appliances are End of Sale (no longer available to buy new); they will live and run for 5 more years from 2024/2023. Just add 5 years to the EoS date to get the EOL.
EOL Appliances
A table shows the EOL appliance events for the last 18 months. A few appliances reached their end of life in April and must be replaced (to get support). The MPX/SDX 16000 is the replacement in most cases.
I pulled these summary tables from the official site here. Just open and expand the NetScaler section.
3. Latest NetScaler Security updates
Nothing new here (this week).
On June 25th, the following were issued:
1. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Full support doc: Link
On June 17th, the following were issued:
2. NetScaler ADC & Gateway Security Bulletin for CVE-2025-5349 & CVE-2025-5777.
Support ref: CTX693420. Status: Critical
Full support doc: Link
3. Citrix Workspace app for Windows Security Bulletin CVE-2025-4879.
Support ref: CTX694718. Status: High
Full support doc: Link
4. NetScaler Console and NetScaler SDX (SVM) Security Bulletin for CVE-2025-4365.
Support ref: CTX694729. Status: Medium
Full support doc: Link
NetScaler WAF Signatures Update v157 was updated on July 25th.
New signature rules are available for vulnerabilities identified in Microsoft SharePoint and DNN DotNetNuke. Download and configure these signature rules to protect against these security vulnerabilities:
Link to details.
4. Updates from around the web
Some selected updates from around the web for the last 7 days.
Running NetScaler NSPEPI in a Docker container
July 25, 2025: Martin Nygaard Jensen shows how to run NSPEPI in a Docker container, making configuration validation even more streamlined and portable. If you've ever needed to validate an ns.conf file before upgrading (like moving from 13.0 to 14.1), this approach lets you run the validation tool anywhere Docker is installed, without worrying about dependencies or OS compatibility. Perfect for those planning upgrades or needing quick config checks without needing a full NetScaler instance for the task.
5. Feedback for this newsletter
If you have a topic that you would like to see featured, please drop me a note at Steven.Wright@cloud.com
You can get all the previous newsletters plus other articles here:
Have a great week!