Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition.
“Exploits of CVE-2025-6543 on unmitigated appliances have been observed,” warns Citrix’s advisory.
Tracked internally as CTX694788, CVE-2025-6543 is a critical flaw impacting NetScaler ADC and NetScaler Gateway that can be triggered by unauthenticated, remote requests, causing the appliance to go offline.
The flaw impacts NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-47.46, 13.1 before 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP.
It only impacts NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, Clientless VPN (CVPN), RDP Proxy) or an AAA virtual server.
Citrix fixed the flaw in NetScaler ADC and Gateway 14.1-47.46, 13.1-59.19, and ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP.
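The version ranges and role condition above can be turned into a quick triage check. The following is an added example, not code from Citrix or from this article; it assumes a version banner of the form "NS<release>: Build <major>.<minor>", that the caller states whether the appliance is a FIPS/NDcPP build, and that Gateway and AAA virtual servers appear in ns.conf as "add vpn vserver" and "add authentication vserver" lines.

```python
import re

# First fixed build per branch, from the version list in the article.
FIXED = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),  # 13.1-FIPS and 13.1-NDcPP
}
# Assumed banner format: "NetScaler NS14.1: Build 47.46.nc, ..."
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
# ns.conf lines that define a Gateway (VPN) or AAA virtual server.
ROLE_RE = re.compile(r"^\s*add\s+(vpn|authentication)\s+vserver\s+(\S+)", re.I | re.M)


def build_status(version_line, fips=False):
    """Return 'fixed', 'affected', or 'unlisted' for a version banner."""
    m = VERSION_RE.search(version_line)
    if not m:
        raise ValueError("unrecognized version string: %r" % version_line)
    fixed = FIXED.get((m.group(1), fips))
    if fixed is None:
        return "unlisted"  # branch not covered by the article's ranges
    build = (int(m.group(2)), int(m.group(3)))
    return "fixed" if build >= fixed else "affected"


def exposed_roles(ns_conf):
    """List (kind, name) for each Gateway or AAA virtual server in ns.conf text."""
    kinds = {"vpn": "gateway", "authentication": "aaa"}
    return [(kinds[k.lower()], name) for k, name in ROLE_RE.findall(ns_conf)]


def triage(version_line, ns_conf, fips=False):
    """Combine build status and configured roles into one verdict."""
    status = build_status(version_line, fips)
    roles = exposed_roles(ns_conf)
    if status == "affected":
        return ("patch now" if roles else "patch (no Gateway/AAA role found)"), roles
    return status, roles


# Constructed sample input, not taken from a real appliance.
SAMPLE_VERSION = "NetScaler NS14.1: Build 43.50.nc, Date: Jan 01 2025"
SAMPLE_CONF = """\
add lb vserver web_lb HTTP 10.0.0.10 80
add vpn vserver gw_ext SSL 203.0.113.5 443
add authentication vserver aaa_int SSL 0.0.0.0
"""

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_CONF))
```

A result of "unlisted" means the release branch is outside the ranges this article gives, so it needs to be checked against the vendor advisory directly.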
The warning arrives as admins deal with another critical NetScaler flaw dubbed CitrixBleed 2.
That bug, tracked as CVE-2025-5777, allows attackers to hijack user sessions by extracting session tokens from a device’s memory.
A similar Citrix flaw named “CitrixBleed” was previously used by ransomware gangs and in attacks on governments in 2023 to gain widescale access to NetScaler devices and move laterally across corporate environments.
With both flaws being critical bugs, administrators are advised to apply the latest patches from Citrix as soon as possible.
Companies should also monitor their NetScaler instances for unusual user sessions and abnormal behavior, and review access controls.
BleepingComputer contacted Citrix to learn how CVE-2025-6543 is being exploited in attacks and will update this article if we receive a response.




