CISA Issues Alert on Actively Exploited Citrix NetScaler ADC and Gateway Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert following the addition of a critical Citrix NetScaler vulnerability—CVE-2025-6543—to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild.
Vulnerability Details
CVE-2025-6543 is a buffer overflow vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an Authentication, Authorization, and Auditing (AAA) virtual server.
| CVE ID | Vulnerability Type | Impact |
| --- | --- | --- |
| CVE-2025-6543 | Buffer Overflow (CWE-119) | DoS, Unintended Control Flow |
The flaw, classified under CWE-119 (improper restriction of operations within the bounds of a memory buffer), lets an attacker trigger unintended control flow in the appliance, with Denial of Service (DoS) and service disruption as the confirmed outcome.
The vulnerability has been assigned a CVSS score of 9.2 (Critical), reflecting its potential impact on confidentiality, integrity, and availability. Notably, exploitation requires neither user interaction nor prior privileges, so any Internet-facing appliance in the affected configuration is a prime target for remote attackers. The configuration precondition matters for scoping: an appliance used only for load balancing, with no VPN (Gateway) or AAA virtual server configured, is not reachable through this bug, although it should still be patched.
CISA and multiple security advisories confirm that CVE-2025-6543 is being actively exploited. Attackers have leveraged this vulnerability as a zero-day, with exploitation observed before Citrix’s public disclosure and patch release.
While there is no public exploit code available, the risk of further attacks remains high, especially for unpatched systems.
Affected product versions (the build listed after "before" is the first fixed build on that branch; anything older is vulnerable):
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-43.56
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-58.32
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.235
- NetScaler ADC 12.1-FIPS before 12.1-55.328
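The following triage helper is an added example, not code from Citrix, CISA or the original article. It compares the build reported by the NetScaler `show ns version` command against the fixed builds listed above and scans an ns.conf excerpt for the `add vpn vserver` / `add authentication vserver` lines that put an appliance in the exposed Gateway or AAA configuration. The sample version strings and configuration lines are constructed; the `edition` argument is this helper's own convention, needed because 13.1-FIPS/NDcPP builds (37.x) and standard 13.1 builds (58.x) cannot be told apart from the "NS13.1" branch string alone.

```python
"""Triage helper for CVE-2025-6543 exposure on NetScaler ADC / Gateway.

Added example, not Citrix or CISA code. Fixed builds are taken from the
advisory text; sample inputs are constructed and do not come from a real
appliance.
"""
import re
from typing import Optional

# Fixed builds per (branch, edition): an appliance is unpatched if its build
# on that branch/edition is strictly below the listed (major, minor).
FIXED_BUILDS = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),   # 13.1-FIPS and 13.1-NDcPP share this line
    ("12.1", "fips"): (55, 328),
}

# `show ns version` prints a line such as
#   NetScaler NS14.1: Build 43.50.nc, Date: Jan 10 2025, 13:25:30   (64-bit)
_VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")

# ns.conf lines defining the virtual server types reachable by this bug:
# Gateway (vpn vserver) and AAA (authentication vserver).
_EXPOSED_RE = re.compile(r"^add (vpn|authentication) vserver\s+(\S+)", re.M)


def parse_ns_version(text: str) -> Optional[tuple[str, tuple[int, int]]]:
    """Return (branch, (build_major, build_minor)) or None if unrecognised."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def exposed_vservers(ns_conf: str) -> list[str]:
    """Names of Gateway (vpn) and AAA (authentication) vservers in ns.conf."""
    return [name for _kind, name in _EXPOSED_RE.findall(ns_conf)]


def assess(version_text: str, ns_conf: str, edition: str = "standard") -> dict:
    """Combine the build check and the configuration check into one verdict.

    `edition` ("standard" or "fips") must be supplied by the operator; it is
    an assumption of this helper, not something the version string carries.
    """
    parsed = parse_ns_version(version_text)
    if parsed is None:
        return {"status": "unknown", "reason": "could not parse show ns version"}
    branch, build = parsed
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        # e.g. 13.0 or non-FIPS 12.1: not in the advisory table above
        return {"status": "unknown", "branch": branch, "edition": edition,
                "reason": "branch/edition not in fixed-build table; check the vendor advisory"}
    unpatched = build < fixed          # tuple comparison: (43, 50) < (43, 56)
    exposed = exposed_vservers(ns_conf)
    if not unpatched:
        status = "patched"
    elif exposed:
        status = "vulnerable"          # unpatched AND reachable as Gateway/AAA
    else:
        status = "unpatched-not-exposed"  # patch anyway, but not reachable via this bug
    return {"status": status, "branch": branch, "build": build,
            "fixed": fixed, "exposed_vservers": exposed}


# Constructed sample inputs (not real appliance output)
SAMPLE_VERSION_OLD = (
    "        NetScaler NS14.1: Build 43.50.nc, Date: Jan 10 2025, 13:25:30   (64-bit)\nDone"
)
SAMPLE_VERSION_FIXED = (
    "        NetScaler NS14.1: Build 43.56.nc, Date: Jun 20 2025, 09:00:00   (64-bit)\nDone"
)
SAMPLE_NS_CONF = """set ns hostName ns-edge-01
add lb vserver lb_web HTTP 10.0.0.10 80
add vpn vserver gw_corp SSL 203.0.113.10 443
add authentication vserver aaa_sso SSL 10.0.0.20 443
"""

if __name__ == "__main__":
    for label, ver in (("old", SAMPLE_VERSION_OLD), ("fixed", SAMPLE_VERSION_FIXED)):
        print(label, assess(ver, SAMPLE_NS_CONF))
```

The verdict separates "unpatched" from "vulnerable": an unpatched appliance with no VPN or AAA virtual server still needs the update, but is lower on the triage list than one that is both unpatched and acting as a Gateway. Feed it the real `show ns version` output and the running ns.conf of each appliance in the estate to get a quick first pass before the BOD 22-01 deadline.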
CISA’s Binding Operational Directive (BOD) 22-01 mandates that all Federal Civilian Executive Branch (FCEB) agencies remediate the vulnerability by July 21, 2025.
Agencies are instructed to apply vendor-provided mitigations, follow BOD 22-01 guidance for cloud services, or discontinue use if mitigations are unavailable.
CISA strongly urges all organizations, public and private, to prioritize patching and remediation to reduce exposure to cyberattacks.
Citrix has released security updates and advises all customers to immediately update to the latest versions to protect against ongoing attacks. The company reiterates its commitment to security-by-design and responsible disclosure practices.
Organizations are urged to act swiftly to secure their Citrix NetScaler deployments and prevent potential service outages or further exploitation.