June 26, 2025

Citrix fixes another critical flaw, already exploited

On June 25, 2025, just days after patching two critical vulnerabilities, Citrix issued an urgent advisory for a newly discovered flaw that is being actively exploited in the wild.

The vulnerability, tracked as CVE-2025-6543, is rated Critical and carries a CVSS score of 9.2 out of 10. It could enable an unauthenticated threat actor to trigger a denial-of-service (DoS) condition. The flaw can be exploited remotely and without authentication, making it a low-effort but high-impact threat.

Like its predecessors, this vulnerability affects NetScaler ADC and NetScaler Gateway appliances that are configured as Gateway or AAA virtual servers. The impacted NetScaler versions are:

  • 14.1 before 14.1-47.46,
  • 13.1 before 13.1-59.19, and
  • 13.1-FIPS/NDcPP before 13.1-37.236

Additionally, NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now considered end of life and no longer supported.

Customers are advised to upgrade their appliances to one of the supported versions that address the vulnerabilities. Citrix released fixes in the respective updated versions and strongly urges administrators to apply them immediately.

Analyst notes:

Citrix infrastructure remains a high-value target, and organizations are advised to update to the latest versions immediately and monitor their NetScaler instances for unusual behavior, such as unexpected session drops or service interruptions. Citrix also recommends reviewing access controls and logging configurations to detect potential exploitation attempts.