Citrix is warning {that a} vulnerability in NetScaler home equipment tracked as CVE-2025-6543 is being actively exploited within the wild, inflicting units to enter a denial of service situation.
“Exploits of CVE-2025-6543 on unmitigated home equipment have been noticed,” warns Citrix’s advisory.
Tracked internally as CTX694788, CVE-2025-6543 is a vital flaw impacting NetScaler ADC and NetScaler Gateway and will be triggered by unauthenticated, distant requests, main the equipment to go offline.
The flaw impacts NetScaler ADC and NetScaler Gateway variations 14.1 earlier than 14.1-47.46, 13.1 earlier than 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP earlier than 13.1-37.236-FIPS and NDcPP.
It solely impacts NetScaler units configured as a Gateway (VPN digital server, ICA Proxy, Clientless VPN (CVPN), RDP Proxy) or an AAA digital server.
Citrix mounted the flaw in NetScaler ADC and Gateway 14.1-47.46, 13.1-59.19, and ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP.
The warning arrives as admins cope with one other vital NetScaler flaw dubbed CitrixBleed 2.
That bug, tracked as CVE-2025-5777, permits attackers to hijack person periods by extracting session tokens from a tool’s reminiscence.
An identical Citrix flaw named “CitrixBleed” was beforehand utilized by ransomware gangs and in assaults on governments in 2023 to realize widescale entry to NetScaler units and transfer laterally throughout company environments.
With each flaws being vital bugs, directors are suggested to use the most recent patches from Citrix as quickly as doable.
Corporations also needs to monitor their NetScaler cases for uncommon person periods, irregular conduct, and to overview entry controls.
BleepingComputer contacted Citrix to learn the way CVE-2025-6543 is being exploited in assaults and can replace this text if we obtain a response.
Patching used to imply complicated scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch sooner, cut back overhead, and deal with strategic work — no complicated scripts required.
