Citrix has released urgent security updates to fix a critical vulnerability in NetScaler ADC and NetScaler Gateway that is currently being exploited in the wild.
The flaw, tracked as CVE-2025-6543, is described as a memory overflow that can lead to unintended control flow and denial of service (DoS). Exploitation requires that the appliance be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server; an appliance with neither role configured does not meet the stated precondition.
The vulnerability affects the following builds:
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19
NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.236
NetScaler ADC and NetScaler Gateway 13.0 and 12.1 (both end-of-life; customers on these branches must migrate to a supported release)
Citrix has confirmed that exploitation has been observed against unpatched appliances but has not disclosed details of the attacks. The company urged customers on affected builds to upgrade immediately to the fixed versions.
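The two conditions above (an affected build, plus a Gateway or AAA virtual server) are what a practitioner needs to check across a fleet. The script below is an added example written for this article, not Citrix code: it parses the output of the NetScaler CLI commands `show ns version`, `show vpn vserver` and `show authentication vserver` and reports whether the build is below the fixed build for its branch and whether the exploitation precondition is present. The sample output strings are constructed to approximate the CLI format, not captured from a real appliance, and because the version line does not say whether an appliance runs a FIPS or NDcPP build, that is passed in as a `variant` parameter (an assumption of this example).

```python
"""Triage helper for CVE-2025-6543 exposure on NetScaler ADC / Gateway.

Added example, not Citrix code. Parses `show ns version`, `show vpn vserver`
and `show authentication vserver` output and applies the advisory's two
conditions: an affected build AND a Gateway or AAA virtual server configured.
"""
import re
from dataclasses import dataclass

# Fixed builds from the Citrix advisory, keyed by release branch.
# 12.1 and 13.0 are end-of-life and have no fixed build.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
    "13.1-FIPS": (37, 236),
    "13.1-NDcPP": (37, 236),
}
EOL_BRANCHES = {"12.1", "13.0"}

# Matches a version line such as "NetScaler NS14.1: Build 47.46.nc, Date: ..."
VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")
# Matches a numbered vserver entry such as "1)\tgw_vs (203.0.113.10:443) - SSL ..."
VSERVER_RE = re.compile(r"^\s*\d+\)\s+(\S+)", re.M)


@dataclass
class Assessment:
    branch: str
    build: tuple
    vulnerable_build: bool
    reason: str
    gateway_vservers: list
    aaa_vservers: list

    @property
    def exploitable(self) -> bool:
        # Both advisory conditions must hold: affected build and a
        # Gateway (VPN) or AAA virtual server present.
        return self.vulnerable_build and bool(self.gateway_vservers or self.aaa_vservers)


def parse_version(show_ns_version: str, variant: str = "standard"):
    """Return (branch_key, (build_major, build_minor)) from `show ns version` output.

    `variant` is an assumption of this example: pass "FIPS" or "NDcPP" for
    those appliances, since the version line alone does not distinguish them.
    """
    m = VERSION_RE.search(show_ns_version)
    if not m:
        raise ValueError("could not find a NetScaler version line")
    branch, b1, b2 = m.group(1), int(m.group(2)), int(m.group(3))
    key = branch if variant == "standard" else f"{branch}-{variant}"
    return key, (b1, b2)


def build_is_vulnerable(branch_key: str, build: tuple):
    """Compare a parsed build against the advisory's fixed builds."""
    base_branch = branch_key.split("-")[0]
    if base_branch in EOL_BRANCHES:
        return True, f"{base_branch} is end-of-life; migrate to a supported release"
    fixed = FIXED_BUILDS.get(branch_key)
    if fixed is None:
        # Unknown branch: treat as affected so it is not silently dropped from triage.
        return True, f"unknown branch {branch_key}; verify against the advisory manually"
    if build < fixed:
        return True, f"build {build[0]}.{build[1]} is below fixed build {fixed[0]}.{fixed[1]}"
    return False, f"build {build[0]}.{build[1]} is at or above fixed build {fixed[0]}.{fixed[1]}"


def list_vservers(show_output: str):
    """Return the vserver names listed in `show vpn vserver` / `show authentication vserver` output."""
    return VSERVER_RE.findall(show_output)


def assess(show_ns_version, show_vpn_vserver, show_auth_vserver, variant="standard"):
    key, build = parse_version(show_ns_version, variant)
    vuln, reason = build_is_vulnerable(key, build)
    return Assessment(key, build, vuln, reason,
                      list_vservers(show_vpn_vserver), list_vservers(show_auth_vserver))


# Constructed sample output (not captured from a real appliance).
SAMPLE_VERSION = "NetScaler NS14.1: Build 47.43.nc, Date: Mar 12 2025, 10:00:00\n Done"
SAMPLE_VPN = "1)\tgw_vs (203.0.113.10:443) - SSL\tType: CONTENT\tState: UP\n Done"
SAMPLE_AAA = " Done"

if __name__ == "__main__":
    r = assess(SAMPLE_VERSION, SAMPLE_VPN, SAMPLE_AAA)
    print(f"{r.branch} {r.build}: vulnerable build={r.vulnerable_build} ({r.reason})")
    print(f"gateway vservers={r.gateway_vservers} aaa vservers={r.aaa_vservers} exploitable={r.exploitable}")
```

A build that is patched, or an end-of-life branch with no Gateway or AAA vserver, is reported as not meeting the precondition, but an end-of-life branch is still flagged as an affected build so it is not dropped from the migration list.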
The advisory follows a fix for another critical vulnerability, CVE-2025-5777, which also affects NetScaler ADC and NetScaler Gateway.
Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) added three more vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:
CVE-2024-54085 – An authentication bypass in AMI MegaRAC baseboard management controller firmware that allows full remote control of the affected server.
CVE-2024-0769 – A path traversal flaw in the end-of-life D-Link DIR-859 router.
CVE-2019-6693 – A hard-coded encryption key in Fortinet FortiOS, used to protect configuration backups, whose exploitation has been linked to the Akira ransomware group.