Citrix is having a pretty bad week.
It’s bad enough that one pair of newly disclosed NetScaler vulnerabilities, revealed on 17 June, is already being referred to as CitrixBleed2 by security researchers, but hot on the heels of that disclosure comes a third vulnerability in its NetScaler products.
“Citrix has surprised us all again with yet another severe vulnerability (CVE-2025-6543) in their NetScaler appliance – ubiquitous across the enterprise world,” Benjamin Harris, CEO and founder of watchTowr, told Cyber Daily.
And even worse, hackers are already on the job.
“The unfortunate difference this time is the fact that these vulnerabilities have been highlighted as being actively exploited in the wild already,” Harris said.
“This means that affected organisations need to not just apply the patch, but also now determine if they have been affected by exploitation that has already occurred. As always, I’m sure we will see more information appear in the coming days.”
This new vulnerability, CVE-2025-6543, has a severity rating of 9.2 out of 10 and is a memory overflow vulnerability that could lead to unintended control flow and denial-of-service attacks. It impacts the following versions:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.46
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.19
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.236-FIPS and NDcPP
Citrix notes that NetScaler ADC 12.1-FIPS is not affected by this vulnerability, but that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now end of life and will not receive a fix. Citrix recommends that customers upgrade older appliances to newer versions.
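As an added example, not code from the article or from Citrix, the following Python check maps a NetScaler version string against the fixed builds listed above for CVE-2025-6543, so an inventory can be triaged before the patch-and-investigate work Harris describes. The `release-build[-variant]` string format (for example `13.1-37.236-FIPS`) and the numeric comparison of dotted build numbers are assumptions; real `show version` output may need to be normalised into that shape first.

```python
import re
from typing import NamedTuple, Optional

# Fixed builds taken from the advisory text above. Key is (release, variant);
# variant is "" for standard builds, "FIPS" or "NDcPP" for those builds.
FIXED_BUILDS = {
    ("14.1", ""): "47.46",
    ("13.1", ""): "59.19",
    ("13.1", "FIPS"): "37.236",
    ("13.1", "NDcPP"): "37.236",
}
NOT_AFFECTED = {("12.1", "FIPS")}   # stated as unaffected
END_OF_LIFE = {"12.1", "13.0"}      # no fix will be issued; upgrade instead

# Assumed input shape: "<release>-<build>[-FIPS|-NDcPP]", e.g. "14.1-43.50".
VERSION_RE = re.compile(
    r"^(?P<release>\d+\.\d+)-(?P<build>\d+\.\d+)(?:-(?P<variant>FIPS|NDcPP))?$"
)


class Verdict(NamedTuple):
    status: str                  # vulnerable | fixed | not_affected | end_of_life | unknown
    fixed_build: Optional[str]   # build that closes the bug, where one exists


def _build_key(build: str) -> tuple:
    # Compare build numbers component by component as integers. A plain
    # string compare would rank "59.5" above "59.19" and miss a vulnerable box.
    return tuple(int(part) for part in build.split("."))


def assess(version: str) -> Verdict:
    """Classify one NetScaler version string against the CVE-2025-6543 advisory."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return Verdict("unknown", None)
    release, build, variant = m["release"], m["build"], m["variant"] or ""
    if (release, variant) in NOT_AFFECTED:
        return Verdict("not_affected", None)
    if release in END_OF_LIFE:
        return Verdict("end_of_life", None)
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        return Verdict("unknown", None)   # release/variant not covered by the advisory
    if _build_key(build) < _build_key(fixed):
        return Verdict("vulnerable", fixed)
    return Verdict("fixed", fixed)


def needs_action(inventory: dict) -> dict:
    """Return only hosts that still need patching or migration (constructed input)."""
    return {h: assess(v) for h, v in inventory.items()
            if assess(v).status in ("vulnerable", "end_of_life", "unknown")}
```

Hosts reported as `vulnerable` should be treated as candidates for compromise review as well as patching, since the article notes exploitation was already under way before the fix was published.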
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.