Ethical Hacking News
Citrix has released emergency patches for a critical vulnerability in its NetScaler ADC software that has been exploited in the wild. The patch addresses CVE-2025-6543, which carries a CVSS score of 9.2 and could result in unintended control flow and denial-of-service if successfully exploited.
NetScaler ADC has a critical flaw (CVE-2025-6543) that carries a CVSS score of 9.2, indicating an extremely high level of risk. The vulnerability is a memory overflow that could result in unintended control flow and denial-of-service. Because successful exploitation requires specific configurations on NetScaler ADC instances, not all users are equally at risk. The vulnerability affects versions prior to the recommended patched builds (14.1-47.46 and 13.1-59.19, among others) as well as the 12.1 and 13.0 branches. Secure Private Access deployments using NetScaler instances are also affected.
Citrix has recently released security updates to address a critical flaw affecting NetScaler ADC, which has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0, indicating an extremely high level of risk.
The vulnerability in question is described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. This means that not all users are equally at risk, but rather those who have specific configurations set up on their NetScaler ADC instances.
Citrix lists the following versions as affected:
NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life)
NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP
Furthermore, "Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities," Citrix said. This highlights the need for all organizations that use NetScaler ADC to take immediate action and upgrade their instances to the recommended builds.
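The version list above is easy to misread in an inventory spreadsheet, so here is an added example (written for this article, not code from Citrix) that classifies a NetScaler build string against the fixed builds quoted above and flags the end-of-life 12.1 and 13.0 branches. It accepts the advisory-style "14.1-47.46[-FIPS]" form and, as an assumed format, the "NetScaler NS14.1: Build 47.46.nc" line printed by `show version`; the Gateway/AAA exposure flag is supplied by the caller.

```python
import re

# Minimum fixed builds per branch, taken from the affected-version list in the article.
# The 13.1 FIPS/NDcPP branch has its own build line, so it is keyed separately.
FIXED_BUILDS = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),   # 13.1-FIPS and NDcPP
}
EOL_BRANCHES = {"12.1", "13.0"}  # vulnerable, no fixed build available

# Advisory-style "14.1-47.46[-FIPS]" and the (assumed) `show version` line format.
_ADVISORY_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(-FIPS)?$", re.I)
_SHOWVER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)", re.I)


def parse_version(text):
    """Return (branch, (major, minor), is_fips); raise ValueError on unknown input."""
    text = text.strip()
    m = _ADVISORY_RE.match(text)
    if m:
        return m.group(1), (int(m.group(2)), int(m.group(3))), bool(m.group(4))
    m = _SHOWVER_RE.search(text)
    if m:
        # A FIPS build is only recognised if the line itself says so.
        return m.group(1), (int(m.group(2)), int(m.group(3))), "fips" in text.lower()
    raise ValueError(f"unrecognised NetScaler version string: {text!r}")


def assess(version, gateway_or_aaa_configured=True):
    """Classify one instance for CVE-2025-6543.

    Returns "patched", "unpatched-eol", "unpatched-exposed" or "unpatched-not-exposed".
    An unpatched build still needs upgrading even with no Gateway/AAA virtual server,
    since the exposing configuration can be added later.
    """
    branch, build, is_fips = parse_version(version)
    if branch in EOL_BRANCHES:
        return "unpatched-eol"
    fixed = FIXED_BUILDS.get((branch, is_fips))
    if fixed is None:
        raise ValueError(f"branch {branch}{'-FIPS' if is_fips else ''} not in the advisory")
    if build >= fixed:          # tuple comparison: (major, minor)
        return "patched"
    return "unpatched-exposed" if gateway_or_aaa_configured else "unpatched-not-exposed"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("ns-a", "14.1-47.46"), ("ns-b", "NetScaler NS13.1: Build 58.32.nc"),
                      ("ns-c", "13.1-37.200-FIPS"), ("ns-d", "13.0-92.21")]:
        print(host, ver, "->", assess(ver))
```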
The disclosure comes shortly after Citrix patched another critical-rated security flaw in NetScaler ADC (CVE-2025-5777, CVSS score: 9.3) that could be exploited by threat actors to gain access to susceptible appliances.
Despite the recent release of these patches, it is clear that organizations are still vulnerable to various security threats. In this regard, it is essential for businesses and individuals to prioritize cybersecurity awareness and take proactive measures to protect themselves from such threats.
In addition to this vulnerability in NetScaler ADC, there have been other notable security breaches reported recently. For example, a massive 7.3 Tbps DDoS attack was delivered in just 45 seconds, targeting a hosting provider, while a new Linux flaw enables full root access via PAM and Udisks across major distributions.
These recent incidents underscore the importance of staying informed about emerging security threats and taking swift action to mitigate them. By doing so, individuals can significantly reduce their risk of falling victim to cyber attacks.
In conclusion, the vulnerability in NetScaler ADC highlights the need for organizations to prioritize cybersecurity awareness and take proactive measures to protect themselves from such threats. With numerous other security breaches reported recently, it is essential for businesses and individuals to stay informed about emerging security threats and take swift action to mitigate them.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Unveiling-of-a-Lurking-Threat-Citrix-Releases-Emergency-Patches-for-Actively-Exploited-CVE-2025-6543-in-NetScaler-ADC-ehn.shtml
https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html
https://nvd.nist.gov/vuln/detail/CVE-2025-6543
https://www.cvedetails.com/cve/CVE-2025-6543/
https://nvd.nist.gov/vuln/detail/CVE-2025-5777
https://www.cvedetails.com/cve/CVE-2025-5777/
Published: Wed Jun 25 12:09:15 2025 by llama3.2 3B Q4_K_M