Red Hot Cyber, The cybersecurity news


Citrix: New Critical Vulnerability Rated 9.2 Affects NetScaler – Attacks Underway!

Redazione RHC : 26 June 2025 12:54

Citrix has reported a new critical vulnerability in its NetScaler appliances that attackers are already actively exploiting. The flaw is tracked as CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection.

As reported in the official note from Citrix, exploitation of this vulnerability has already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated attacker to send a specially crafted request that causes the device to malfunction and become unavailable. In particular, this is a complete disruption that can paralyze the functioning of the company’s infrastructure.

The vulnerability affects the following versions of NetScaler ADC and NetScaler Gateway:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19
  • NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP

Only devices configured as gateways are affected, including VPN servers, ICA application proxies, clientless VPNs (CVPNs), remote desktop proxies, and virtual authentication servers (AAAs).
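
The following is an added example, not code from Citrix or from this article: a Python check that compares appliance build strings from an inventory against the fixed builds listed above and applies the gateway/AAA condition. The hostnames, the version strings and their formats, and the `edition` and role fields are constructed assumptions.

```python
import re

# Fixed builds exactly as listed in the article, keyed by (release, edition).
FIXED = {
    ("14.1", "standard"): (47, 46),
    ("13.1", "standard"): (59, 19),
    ("13.1", "fips"): (37, 236),  # 13.1-FIPS and NDcPP
}

# Accepts "14.1-43.56", "13.1-37.159-FIPS" or "NS14.1: Build 43.56.nc" (assumed formats).
_BUILD_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE)

def parse_build(text):
    """Return (release, (build_major, build_minor)) or None if unparseable."""
    m = _BUILD_RE.search(text)
    if not m:
        return None
    # Integers, not strings: "6.21" must sort below "59.19".
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(build_text, edition="standard", gateway_or_aaa=True):
    """Classify one appliance against the article's CVE-2025-6543 criteria."""
    parsed = parse_build(build_text)
    if parsed is None:
        return "unparseable"
    release, build = parsed
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "release-not-listed"  # the article gives no fixed build for it
    if build >= fixed:
        return "patched"
    # Below the fixed build: the article limits impact to gateway/AAA roles.
    return "vulnerable" if gateway_or_aaa else "unpatched-not-exposed"

# Constructed inventory: (host, version string, edition, gateway/AAA role).
INVENTORY = [
    ("ns-edge-01", "NS14.1: Build 43.56.nc", "standard", True),
    ("ns-edge-02", "14.1-47.46", "standard", True),
    ("ns-lb-01", "13.1-58.32", "standard", False),
    ("ns-fips-01", "13.1-37.159-FIPS", "fips", True),
]

def report(inventory=INVENTORY):
    """Map each host to its status; edition comes from the inventory, not the build."""
    return {host: assess(ver, ed, role) for host, ver, ed, role in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```

Hosts reported as `unpatched-not-exposed` still run a build below the fixed one and should be updated; the label only reflects the configuration condition stated above.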

Citrix has already released patches to address the CVE-2025-6543 vulnerability (tracked internally as CTX694788). Updates are available for all affected versions of NetScaler. The company strongly recommends that administrators install these updates as soon as possible and review device configurations.

The emergence of CVE-2025-6543 coincides with another issue in Citrix products, unofficially named CitrixBleed 2 and identified as CVE-2025-5777. This vulnerability allows attackers to hijack active user sessions by extracting authentication tokens from device memory. This technique was already used by criminal hackers in 2023, when a similar vulnerability, called CitrixBleed, was exploited to attack the public sector and large companies, including cases with subsequent spread to internal networks.

Experts emphasize that both vulnerabilities are critical and require immediate action by IT departments. In addition to installing patches, it is recommended to actively monitor the behavior of network devices, control active user sessions, and enforce access policies.

Citrix has not yet provided further clarification on the details of the exploitation of CVE-2025-6543.

