Hackers have been exploiting a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway, expertise big Citrix warned on Wednesday, when it launched patches for the flaw.
Affecting each supported and discontinued variations of the applying supply and networking safety platform and tracked as CVE-2025-6543 (CVSS rating of 9.2), the bug is described as a reminiscence overflow problem.
Profitable exploitation of the safety defect may result in unintended management circulation and denial-of-service (DoS), Citrix notes in its advisory.
The tech big says solely NetScaler deployments configured as a Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or an authentication, authorization, and accounting (AAA) digital server are affected.
“Exploits of CVE-2025-6543 on unmitigated home equipment have been noticed,” Citrix says, with out detailing the noticed assaults.
Patches for the zero-day have been included in NetScaler ADC and NetScaler Gateway variations 14.1-47.46 and 13.1-59.19, and in NetScaler ADC variations 13.1-FIPS and 13.1-NDcPP 13.1-37.236.
Citrix warns that NetScaler ADC and NetScaler Gateway variations 12.1 and 13.0, which have been discontinued, are affected as effectively, urging prospects emigrate to a supported, patched iteration.
“Safe Non-public Entry on-prem or Safe Non-public Entry Hybrid deployments utilizing NetScaler situations are additionally affected by the vulnerabilities. Clients must improve these NetScaler situations to the really helpful NetScaler builds to deal with the vulnerabilities,” the corporate says.Commercial. Scroll to proceed studying.
The zero-day got here to mild one week after Citrix patched one other critical-severity NetScaler vulnerability, specifically CVE-2025-5777 (CVSS rating of 9.3).
Described as an out-of-bounds reminiscence learn brought on by inadequate enter validation, final week’s flaw has been in comparison with CitrixBleed, a defect that supplied entry to machine reminiscence and session tokens, permitting attackers to bypass multi-factor authentication.
Whereas there have been no reviews of CVE-2025-5777’s exploitation, safety researcher Kevin Beaumont means that attackers could quickly goal it.
Calling the bug CitrixBleed2, Beaumont urges organizations to right away determine uncovered NetScaler situations, apply the patches, and terminate all lively classes, as per Citrix’s suggestions.
Associated: Citrix Warns of Password Spraying Assaults Focusing on NetScaler Home equipment
Associated: Exploitation Makes an attempt Goal Citrix Session Recording Vulnerabilities
Associated: Citrix, Fortinet Patch Excessive-Severity Vulnerabilities
Associated: Citrix, Cisco, Fortinet Zero-Days Amongst 2023’s Most Exploited Vulnerabilities
