Jun 25, 2025Ravie LakshmananVulnerability / Community Safety
Citrix has launched safety updates to deal with a crucial flaw affecting NetScaler ADC that it mentioned has been exploited within the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS rating of 9.2 out of a most of 10.0.
It has been described as a case of reminiscence overflow that might lead to unintended management move and denial-of-service. Nevertheless, profitable exploitation requires the equipment to be configured as a Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or AAA digital server.
The shortcoming impacts the under variations –
NetScaler ADC and NetScaler Gateway 14.1 previous to 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 previous to 13.1-59.19
NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (weak and end-of-life)
NetScaler ADC 13.1-FIPS and NDcPP previous to 13.1-37.236-FIPS and NDcPP
“Safe Personal Entry on-prem or Safe Personal Entry Hybrid deployments utilizing NetScaler cases are additionally affected by the vulnerabilities,” Citrix mentioned.
“Prospects must improve these NetScaler cases to the advisable NetScaler builds to deal with the vulnerabilities.”
The corporate didn’t reveal how the flaw is being exploited in real-world assaults, however mentioned “exploits of CVE-2025-6543 on unmitigated home equipment have been noticed.”
The disclosure comes shortly after Citrix patched one other critical-rated safety flaw in NetScaler ADC (CVE-2025-5777, CVSS rating: 9.3) that may very well be exploited by menace actors to realize entry to vulnerable home equipment.
Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.
