A newly disclosed critical memory overflow vulnerability could lead to denial-of-service attacks.
Citrix is having a pretty bad week.
It’s bad enough that one pair of newly disclosed NetScaler vulnerabilities, revealed on 17 June, is already being referred to as CitrixBleed2 by security researchers, but hot on the heels of that disclosure comes a third vulnerability in its NetScaler products.
“Citrix has surprised us all again with yet another severe vulnerability (CVE-2025-6543) in their NetScaler appliance – ubiquitous across the enterprise world,” Benjamin Harris, CEO and founder of watchTowr, told Cyber Daily.
And even worse, hackers are already on the job.
“The unfortunate difference this time is the fact that these vulnerabilities have been highlighted as being actively exploited in the wild already,” Harris said.
“This means that affected organisations need to not just apply the patch, but also now determine if they have been affected by exploitation that has already occurred. As always, I’m sure we will see more information appear in the coming days.”
This new vulnerability, CVE-2025-6543, has a severity rating of 9.2 out of 10 and is a memory overflow vulnerability that could lead to unintended control flow and denial-of-service attacks. It impacts the following versions:
Citrix notes that NetScaler ADC 12.1-FIPS is not affected by this vulnerability, but that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now end of life. Citrix recommends that customers upgrade older appliances to newer, supported versions.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.