The technology company Citrix has released important security updates to address a very critical flaw affecting its NetScaler ADC. The vulnerability, which is tracked as CVE-2025-6543, has a high CVSS score of 9.2 out of 10. The company also stated that this specific security flaw has now been actively exploited in the wild by attackers. This security disclosure comes shortly after Citrix patched another critical-rated security flaw in the same popular NetScaler ADC product.
Hackers are now actively exploiting this new vulnerability that is affecting several different NetScaler products used by companies.
The company described the critical zero-day vulnerability as a memory overflow defect that attackers can easily exploit. Successful exploitation could lead to unintended control flow and denial-of-service, according to the official Citrix security advisory. The company has not revealed how the flaw is being exploited in any of the real-world attacks.
Experts have compared these new vulnerabilities to the infamous “Citrix Bleed,” which was a widely exploited bug in 2023. That security flaw was used by many ransomware gangs and nation-states to attack dozens of different government organizations. A cybersecurity expert warned that thousands of NetScaler installations are currently exposed to the public internet.
He added that these flaws allow threat actors to read sensitive data that can be used to bypass multifactor authentication.
The United Kingdom’s National Health Service released its own notice comparing the vulnerabilities to the original Citrix Bleed. Attackers could use these stolen session tokens to hijack existing user sessions, allowing access into the corporate network. This would effectively bypass many different authentication controls, such as the widely used multi-factor authentication security measure. The original Citrix Bleed bug caused alarm among defenders because of how many hospitals and other critical infrastructure organizations use NetScaler.
Reference:
