Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild
- From: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
Cloud Software Group has issued an urgent security advisory warning customers about a critical memory overflow vulnerability in NetScaler ADC and NetScaler Gateway that can be used for denial-of-service attacks. Exploitation of this vulnerability has already been observed in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS v4.0 base score of 9.2 (critical). It is a memory overflow caused by improper restriction of operations within the bounds of a memory buffer (CWE-119), a weakness class that appears year after year on the CWE Top 25 Most Dangerous Software Weaknesses list.
The vulnerable condition is a NetScaler appliance configured as a Gateway (VPN virtual server, ICA Proxy, CVPN or RDP Proxy) or as an AAA virtual server. Appliances that expose none of these virtual server types fall outside the advisory's stated condition, although they should still be upgraded.
When exploited, the flaw leads to unintended control flow and a denial-of-service condition on the appliance. For organizations that front remote access with NetScaler, that means an outage of the access path their users depend on.
Affected Systems and Versions
The vulnerability affects both NetScaler ADC and NetScaler Gateway. The affected releases are 14.1 before 14.1-47.46, 13.1 before 13.1-59.19, and NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.236. NetScaler ADC 12.1-FIPS is not affected by this vulnerability.
Releases 12.1 and 13.0 are end of life: they are vulnerable but receive no fix. Cloud Software Group recommends that customers still running these releases upgrade to a supported version that contains the fix.
NetScaler products serve as critical infrastructure components for enterprise networks, with an estimated 75 percent of all Internet traffic passing through these application delivery controllers.
The products help organizations reduce server costs, optimize bandwidth, improve security, and simplify remote access configurations for virtual desktop infrastructure.
This vulnerability follows a pattern of serious security issues in NetScaler products. Previous critical flaws, including CVE-2023-4966 (known as “CitrixBleed”) and CVE-2023-3519, were actively exploited by threat actors to compromise enterprise networks.
CitrixBleed leaked session tokens from appliance memory, letting attackers hijack authenticated sessions and bypass authentication controls such as MFA, while CVE-2023-3519, an unauthenticated remote code execution flaw, was used to implant webshells on appliances, including those of critical infrastructure organizations.
Cloud Software Group has confirmed that exploits targeting CVE-2025-6543 have already been observed on unmitigated appliances, emphasizing the urgent need for remediation.
This active exploitation mirrors previous NetScaler vulnerabilities that were quickly weaponized by cybercriminals and state-sponsored actors.
The vulnerability particularly threatens organizations that rely on NetScaler Gateway for secure remote access to applications and virtual desktop environments. Given the widespread deployment of these products in enterprise environments, the potential for widespread impact is significant.
Cloud Software Group strongly urges affected customers to immediately install updated versions: NetScaler ADC and Gateway 14.1-47.46 or later, version 13.1-59.19 or later, and NetScaler ADC 13.1-FIPS/NDcPP 13.1-37.236 or later. Customers requiring FIPS-certified builds should contact Cloud Software Group support directly for assistance.
The advisory applies specifically to customer-managed NetScaler deployments, as Cloud Software Group automatically updates its managed cloud services. Organizations should prioritize patching efforts given the critical nature of this vulnerability and confirmed active exploitation.
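The affected and fixed build numbers above are easy to misread by hand (a 13.1-FIPS build is compared against a different threshold than a standard 13.1 build, and 12.1-FIPS is exempt while plain 12.1 is end of life). The following is an added example, not code from the article or from Cloud Software Group, that encodes the advisory's ranges and the Gateway/AAA condition as a checker. It accepts either the advisory's `14.1-47.46` notation or a version banner in the shape of `show ns version` output (that banner format and the sample lines are assumed and constructed here, not taken from the article); the list of configured features is something the operator supplies after reviewing `show vpn vserver` and `show authentication vserver` on the appliance.

```python
"""Check a NetScaler build against the CVE-2025-6543 advisory ranges.

Fixed builds as quoted in the article:
  14.1              -> 14.1-47.46
  13.1              -> 13.1-59.19
  13.1-FIPS / NDcPP -> 13.1-37.236
  12.1-FIPS         -> not affected
  12.1, 13.0        -> end of life, no fix, treated as vulnerable
Exposure additionally requires a Gateway (VPN vserver, ICA Proxy, CVPN,
RDP Proxy) or AAA (authentication) vserver to be configured.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# (branch, is_fips_or_ndcpp) -> first fixed build as (major, minor)
FIXED_BUILDS = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),
}
EOL_BRANCHES = {"12.1", "13.0"}

# Feature names the operator reports; matching is case-insensitive.
EXPOSING_FEATURES = {
    "vpn vserver", "ica proxy", "cvpn", "rdp proxy", "authentication vserver",
}

# Matches "14.1-47.46" or "NetScaler NS14.1: Build 47.46.nc, ..." (the
# banner shape is an assumption about typical `show ns version` output).
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")


@dataclass
class Verdict:
    branch: str
    build: Tuple[int, int]
    fips: bool
    affected_build: Optional[bool]  # None = branch not covered by advisory
    exposed: bool                   # affected build AND exposing config present
    reason: str


def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    """Return (branch, (build_major, build_minor)) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no NetScaler version found in {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(version_text: str, configured_features: Iterable[str],
           fips: bool = False) -> Verdict:
    """Decide whether this build/config combination matches the advisory."""
    branch, build = parse_version(version_text)
    exposing = {f.lower() for f in configured_features} & EXPOSING_FEATURES

    if branch == "12.1" and fips:
        affected, reason = False, "12.1-FIPS is not affected"
    elif branch in EOL_BRANCHES:
        affected = True
        reason = f"{branch} is end of life with no fixed build; upgrade"
    else:
        fixed = FIXED_BUILDS.get((branch, fips))
        if fixed is None:
            affected = None
            reason = f"branch {branch} (fips={fips}) not listed; verify manually"
        elif build < fixed:  # tuple comparison: (47, 43) < (47, 46)
            affected = True
            reason = (f"{branch}-{build[0]}.{build[1]} is before fixed build "
                      f"{branch}-{fixed[0]}.{fixed[1]}")
        else:
            affected, reason = False, "at or after the fixed build"

    if affected and not exposing:
        reason += "; no Gateway/AAA vserver configured, outside stated condition"
    return Verdict(branch, build, fips, affected, bool(affected and exposing), reason)


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real appliance.
    samples = [
        ("NetScaler NS14.1: Build 47.43.nc, Date: Jun 1 2025", ["VPN vserver"], False),
        ("14.1-47.46", ["VPN vserver"], False),
        ("13.1-59.18", ["lb vserver"], False),
        ("13.1-37.235", ["authentication vserver"], True),
        ("12.1-55.300", ["VPN vserver"], True),
        ("13.0-92.21", ["RDP Proxy"], False),
    ]
    for text, features, fips in samples:
        v = assess(text, features, fips)
        print(f"{text!r:55} fips={fips!s:5} exposed={v.exposed!s:5} {v.reason}")
```

Branch and FIPS status have to be supplied together because the same `13.1` branch string maps to two different fixed builds; the checker refuses to guess for a branch/FIPS pair the advisory does not list and asks for manual verification instead of reporting it safe.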