Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Citrix Bleed Strikes Again: A New Zero-Day Vulnerability Exposed



Citrix's NetScaler ADC and NetScaler Gateway products have been hit by two new critical zero-day vulnerabilities, the second such incident in just over two weeks. This article looks at what these vulnerabilities mean and what organizations can do to protect themselves from attack.

  • Citrix has issued two emergency patches for critical vulnerabilities in its NetScaler ADC and NetScaler Gateway products.
  • The latest vulnerability, CVE-2025-6543, is a memory overflow with a CVSS severity score of 9.2.
  • Miscreants had already exploited this zero-day vulnerability before the patch was available.
  • Organizations must upgrade their NetScaler software and then terminate active sessions to prevent continued exploitation.
  • The incident highlights the ongoing threat landscape and the need for vigilance and proactive measures.



Citrix, a leading provider of networking devices and solutions, has once again found itself at the center of a cybersecurity storm. In recent days, two emergency patches have been issued for critical vulnerabilities in its NetScaler ADC and NetScaler Gateway products, the second such incident in just over two weeks.

The latest vulnerability, tracked as CVE-2025-6543, is a memory overflow that can lead to unintended control flow and denial of service when the affected appliance is configured as a Gateway virtual server or as an authentication, authorization, and accounting (AAA) virtual server. It carries a 9.2 severity score under the Common Vulnerability Scoring System (CVSS), placing it in the critical range.

According to Citrix, miscreants had already exploited this zero-day vulnerability before the company was able to patch it. "Exploits of CVE-2025-6543 on unmitigated appliances have been observed," according to a security bulletin issued by Citrix.

Exploitation in the wild before any fix existed is what makes this bug so serious: attackers were already using it while no patch was available. "The CVSS metrics reflect code execution or similar, not DoS as the most impactful outcome," said watchTowr CEO Benjamin Harris. "Vulnerable appliances being observed to enter a 'denial of service condition' likely reflects failed exploitation, given the class of vulnerability being discussed here."

The rest of this article looks at what this new zero-day means for organizations running NetScaler ADC and NetScaler Gateway, and what they can do to protect themselves.

Citrix's earlier critical vulnerability, CVE-2025-5777, was also exploited as a zero-day before a patch was issued. It could allow an attacker to read session tokens or other sensitive information from the memory of NetScaler devices configured as a Gateway or AAA virtual server. A token copied out of memory before the upgrade remains valid afterwards unless the appliance stops honouring it, so organizations must upgrade their NetScaler software and then terminate all active ICA and PCoIP sessions to prevent continued exploitation.

The impact of these zero-day vulnerabilities highlights the ongoing threat landscape in the cybersecurity world, and the session-termination step is exactly where organizations went wrong last time. "Many organizations did not terminate sessions when remediating a similar vulnerability in 2023 (CVE-2023-4966 aka 'Citrix Bleed')," said Mandiant Consulting Chief Technology Officer Charles Carmakal. "In those cases, session secrets were stolen before companies patched, and the sessions were hijacked after the patch."

That Citrix has once again found itself at the center of a major cybersecurity incident underlines the need for vigilance and proactive measures against such threats.
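To make the remediation sequence above concrete (upgrade, then terminate every active session) and the 2023 failure mode Carmakal describes (patch applied, stolen sessions still hijacked), here is a small Python model of a server-side session store. This is an added example, not code from the article, from Citrix or from any NetScaler component: the store, its epoch-based invalidation, and the user names and tokens are all constructed for illustration. It shows why a bearer token read from memory before the patch is still accepted after the patch unless the server stops honouring it, which is what a bulk session termination does. On a real appliance the termination step is whatever the vendor bulletin prescribes; this only models the logic.

```python
# Added example (not code from the article, Citrix, or any quoted party): a toy
# session store showing why "patch, then terminate all sessions" is one step,
# not two optional ones. All users, tokens and timelines are constructed.
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    user: str
    epoch: int  # value of SessionStore.epoch when the session was minted


class SessionStore:
    """Server-side session table with epoch-based bulk invalidation.

    Every session records the epoch it was minted in. terminate_all() just
    bumps the epoch, so every pre-existing token is rejected on next use
    without walking the table; sessions issued afterwards carry the new epoch.
    """

    def __init__(self) -> None:
        self.epoch = 1
        self._sessions: Dict[str, Session] = {}

    def issue(self, user: str) -> str:
        token = secrets.token_hex(16)  # opaque bearer token (constructed)
        self._sessions[token] = Session(user, self.epoch)
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user a token resolves to, or None if it is not accepted."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if session.epoch < self.epoch:
            # Minted before the last mass termination: refuse it and drop it.
            del self._sessions[token]
            return None
        return session.user

    def terminate_all(self) -> None:
        """The 'kill every active session' step of the remediation."""
        self.epoch += 1

    def stale_sessions(self) -> List[str]:
        """Users whose sessions predate the current epoch and are still in the
        table (not yet presented since the bump). Useful for an audit of who
        held a live session while the leak was exploitable."""
        return sorted(s.user for s in self._sessions.values() if s.epoch < self.epoch)


def remediation_outcome(terminate_sessions: bool) -> Optional[str]:
    """Model the timeline described in the article.

    1. A legitimate user logs in; the attacker copies the token out of
       appliance memory (the pre-patch information leak).
    2. The appliance is upgraded. The leak is closed, but the token is a
       bearer secret the server still trusts.
    3. Optionally, all sessions are terminated.
    4. The attacker replays the stolen token.

    Returns the identity the replayed token resolves to, or None if it was
    rejected. Anything other than None is a hijacked session.
    """
    store = SessionStore()
    stolen = store.issue("alice")  # step 1: token captured pre-patch
    # step 2: the upgrade happens here; the session table is untouched by it
    if terminate_sessions:
        store.terminate_all()  # step 3
    return store.validate(stolen)  # step 4: replay of the stolen token


if __name__ == "__main__":
    print("patch only       ->", remediation_outcome(False))  # alice (hijacked)
    print("patch + kill all ->", remediation_outcome(True))   # None (rejected)
```

The epoch trick is what makes "terminate all sessions" cheap and complete: nothing has to be enumerated, and a token that was never presented again cannot quietly survive in a forgotten table entry.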



Related Information:
  • https://www.ethicalhackingnews.com/articles/Citrix-Bleed-Strikes-Again-A-New-Zero-Day-Vulnerability-Exposed-ehn.shtml
  • https://go.theregister.com/feed/www.theregister.com/2025/06/25/citrix_netscaler_critical_bug_exploited/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-5777
  • https://www.cvedetails.com/cve/CVE-2025-5777/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-6543
  • https://www.cvedetails.com/cve/CVE-2025-6543/


  • Published: Wed Jun 25 16:57:37 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.