Critical Citrix NetScaler Flaw Exploited as Zero-Day

Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day.

Citrix vulnerabilities exploited

Hackers have been exploiting a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway, technology giant Citrix warned on Wednesday, when it released patches for the flaw.

Affecting both supported and discontinued versions of the application delivery and networking security platform and tracked as CVE-2025-6543 (CVSS score of 9.2), the bug is described as a memory overflow issue.

Successful exploitation of the security defect could lead to unintended control flow and denial-of-service (DoS), Citrix notes in its advisory.

The tech giant says only NetScaler deployments configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an authentication, authorization, and accounting (AAA) virtual server are affected.

“Exploits of CVE-2025-6543 on unmitigated appliances have been observed,” Citrix says, without detailing the observed attacks.

Patches for the zero-day were included in NetScaler ADC and NetScaler Gateway versions 14.1-47.46 and 13.1-59.19, and in NetScaler ADC 13.1-FIPS and 13.1-NDcPP version 13.1-37.236.

Citrix warns that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0, which have been discontinued, are affected as well, urging customers to migrate to a supported, patched iteration.

“Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities. Customers need to upgrade these NetScaler instances to the recommended NetScaler builds to address the vulnerabilities,” the company says.
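The advisory details above reduce to a small triage rule: compare the running build against the fixed build for its release line, treat 12.1 and 13.0 as unpatchable, and weigh exposure by whether a Gateway or AAA virtual server is configured. The following Python helper is an added example, not code from Citrix or the article; it assumes the `show ns version` banner layout `NetScaler NS13.1: Build 59.19.nc` and that the caller knows whether a FIPS or NDcPP build is installed.

```python
import re

# Minimum fixed builds for CVE-2025-6543, taken from the Citrix advisory as
# reported above. Keyed by (release, variant); value is (build, sub-build).
FIXED_BUILDS = {
    ("14.1", "standard"): (47, 46),
    ("13.1", "standard"): (59, 19),
    ("13.1", "fips"): (37, 236),    # 13.1-FIPS
    ("13.1", "ndcpp"): (37, 236),   # 13.1-NDcPP
}
# Discontinued releases the advisory lists as affected: no fix, migrate instead.
END_OF_LIFE = {"12.1", "13.0"}

# Assumed "show ns version" banner layout, e.g.
# "NetScaler NS13.1: Build 59.19.nc, Date: ..."
BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")

def parse_banner(banner):
    """Return (release, build, sub) parsed from a show ns version banner."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return m.group(1), int(m.group(2)), int(m.group(3))

def assess(banner, variant="standard", gateway_or_aaa=True):
    """Classify one appliance for CVE-2025-6543.

    variant: "standard", "fips" or "ndcpp"; supplied by the caller because the
    banner alone is assumed not to identify FIPS/NDcPP builds.
    gateway_or_aaa: True when any Gateway (VPN vserver, ICA Proxy, CVPN, RDP
    Proxy) or AAA vserver is configured, the scope the advisory gives.
    """
    release, build, sub = parse_banner(banner)
    if release in END_OF_LIFE:
        return "migrate"       # affected, discontinued, no patch available
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        return "unknown"       # not covered by the advisory text; check Citrix
    if (build, sub) >= fixed:
        return "patched"
    if not gateway_or_aaa:
        return "not-exposed"   # vulnerable build, but outside affected configs
    return "vulnerable"

if __name__ == "__main__":
    # Constructed sample banners, not output from real appliances.
    for b, v in [("NetScaler NS13.1: Build 59.19.nc", "standard"),
                 ("NetScaler NS14.1: Build 43.50.nc", "standard"),
                 ("NetScaler NS13.1: Build 37.235.nc", "fips"),
                 ("NetScaler NS13.0: Build 92.21.nc", "standard")]:
        print(b, "->", assess(b, v))
```

Builds are only comparable within a release line, which is why the lookup is keyed by release and variant rather than by a single global build number.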

The zero-day came to light one week after Citrix patched another critical-severity NetScaler vulnerability, namely CVE-2025-5777 (CVSS score of 9.3).

Described as an out-of-bounds memory read caused by insufficient input validation, last week’s flaw has been compared to CitrixBleed, a defect that provided access to device memory and session tokens, allowing attackers to bypass multi-factor authentication.

While there have been no reports of CVE-2025-5777’s exploitation, security researcher Kevin Beaumont suggests that attackers may soon target it.

Calling the bug CitrixBleed2, Beaumont urges organizations to immediately identify exposed NetScaler instances, apply the patches, and terminate all active sessions, as per Citrix’s recommendations.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.