
Citrix has released security updates to address a critical flaw in NetScaler ADC that it says has been exploited in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It is described as a memory overflow that can result in unintended control flow and denial of service. However, for exploitation to succeed, the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
The flaw affects the following versions –
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19
NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP
NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (end of life and vulnerable in all builds)

“Secure Private Access on-prem or Secure Private Access hybrid deployments using NetScaler instances are also vulnerable,” Citrix said.
“Customers need to upgrade these NetScaler instances to the recommended NetScaler builds to address the vulnerability.”
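Because the advisory makes exploitability depend on two things at once (a build before the fixed one on its branch, and a Gateway or AAA virtual server being configured), a quick triage script is useful. The following is an added example, not code from Citrix or from the article. It encodes the fixed builds listed above, and assumes two input shapes that are not on this page: a `show ns version` banner of the form `NetScaler NS13.1: Build 58.32.nc, Date: ...`, and `ns.conf` lines of the form `add vpn vserver ...` / `add authentication vserver ...`. The sample banner and configuration are constructed, and the `fips` flag must be supplied by the operator because the banner alone is not assumed to distinguish FIPS/NDcPP builds.

```python
import re

# Fixed builds per the Citrix advisory as quoted above; an appliance is
# vulnerable if its build is *before* the fixed one on that branch.
# Key: (release branch, FIPS/NDcPP build?) -> fixed (build, sub-build).
FIXED_BUILDS = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),
}
# Branches the advisory lists as end-of-life and vulnerable in every build.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed shape of the `show ns version` banner (assumption, not from the page):
#   "NetScaler NS13.1: Build 58.32.nc, Date: Mar 12 2025, 10:15:43"
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)", re.IGNORECASE)

# Gateway / AAA virtual servers as they appear in ns.conf (assumed syntax).
# ICA Proxy, CVPN and RDP Proxy are modes of a `vpn vserver`, so matching
# that one keyword covers all of the Gateway configurations the advisory names.
VSERVER_RE = re.compile(r"^\s*add\s+(vpn|authentication)\s+vserver\s+(\S+)", re.IGNORECASE)

# Constructed sample input, not real appliance output.
SAMPLE_BANNER = "NetScaler NS13.1: Build 58.32.nc, Date: Mar 12 2025, 10:15:43"
SAMPLE_NS_CONF = """\
add lb vserver lb_web HTTP 192.0.2.20 80
add vpn vserver vpn_gw SSL 192.0.2.10 443
add authentication vserver aaa_vs SSL 192.0.2.11 443
"""


def parse_version(banner):
    """Return (branch, (build, sub_build)) from a `show ns version` banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def build_is_vulnerable(branch, build, fips=False):
    """True if this branch/build predates the fixed build, or the branch is EOL."""
    if branch in EOL_BRANCHES:
        return True
    try:
        fixed = FIXED_BUILDS[(branch, fips)]
    except KeyError:
        raise ValueError("branch %s (fips=%s) is not covered by the advisory as quoted"
                         % (branch, fips))
    # Tuple comparison orders build first, then sub-build: (58, 32) < (59, 19).
    return build < fixed


def exposed_vservers(ns_conf):
    """(kind, name) of every Gateway (vpn) or AAA (authentication) vserver in ns.conf."""
    found = []
    for line in ns_conf.splitlines():
        m = VSERVER_RE.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found


def assess(banner, ns_conf, fips=False):
    """Combine both advisory conditions: a vulnerable build plus an exposed vserver."""
    branch, build = parse_version(banner)
    vuln = build_is_vulnerable(branch, build, fips)
    vservers = exposed_vservers(ns_conf)
    return {
        "branch": branch,
        "build": "%d.%d" % build,
        "vulnerable_build": vuln,
        "exposed_vservers": vservers,
        "exploitable": vuln and bool(vservers),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_NS_CONF))
```

Pass `fips=True` for a 13.1-FIPS/NDcPP appliance: its build numbers sit in the 37.x range, so comparing them against the mainline 13.1-59.19 threshold would flag a patched box as vulnerable. A build that is not before the fix but still sits in front of a Gateway or AAA vserver is reported as not exploitable for this CVE only; it says nothing about other advisories.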
The company did not reveal how the flaw is being exploited in real-world attacks, but said, “We have observed exploitation of CVE-2025-6543 on unmitigated appliances.”
The disclosure comes shortly after Citrix patched another critical security flaw in NetScaler ADC (CVE-2025-5777, CVSS score: 9.3).