Citrix has issued a warning about a serious vulnerability in NetScaler devices, designated CVE-2025-6543. This flaw is being actively exploited. The vulnerability often leads to a denial-of-service situation, in which affected devices go offline and become unresponsive.
This has been reported by BleepingComputer. According to Citrix’s security advisory, attacks have already been observed on systems that have not yet been updated with the necessary security patch.
The vulnerability, internally referred to as CTX694788, is a critical security flaw in both NetScaler ADC and NetScaler Gateway. External requests from unauthorized users can cause the problem. This renders the vulnerable devices inoperable. Systems configured as Gateways are susceptible to this flaw.
The error affects various versions of the NetScaler product line. These include NetScaler ADC and Gateway versions prior to 14.1-47.46, version 13.1 prior to 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP prior to version 13.1-37.236. Citrix has released updates that address the issue in the specified versions. The vendor advises organizations to apply them as soon as possible.
Previous vulnerabilities not fixed
This new warning comes at a time when system administrators are also dealing with another serious vulnerability: CitrixBleed 2. This flaw, registered as CVE-2025-5777, enables attackers to hijack user sessions by extracting session tokens from the memory of a vulnerable device. CitrixBleed 2 bears a strong resemblance to an older bug from 2023, which criminals used in attacks on government institutions and was exploited by ransomware groups.
Citrix recommends that administrators update their NetScaler systems immediately with the latest updates. They should also actively monitor for abnormal user sessions or unusual behavior. Reviewing access settings is also recommended to prevent further damage. BleepingComputer contacted Citrix for more information about the nature of the attacks but is still awaiting a response.
Also read: “Citrix Bleed”: massive exploitation of NetScaler vulnerability