Citrix has issued an emergency patch for a critical vulnerability in its NetScaler ADC and NetScaler Gateway products, tracked as CVE-2025-6543 with a severity score of 9.2. This memory overflow vulnerability can cause unintended control flow and denial of service when the appliance is configured as a Gateway virtual server or an AAA virtual server. Attackers exploited the flaw as a zero-day before Citrix's patch was available. Industry watchers note that its consequences could go well beyond denial of service, possibly allowing code execution on affected devices.
Hot on the heels of patching a critical bug in Citrix-owned NetScaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products - but not before criminals found and exploited it as a zero-day.
The CVSS metrics reflect code execution or similar, not DoS as the most impactful outcome. Vulnerable appliances being observed to enter a 'denial of service condition' likely reflects failed exploitation, given the class of vulnerability being discussed here.