U.S. CISA Adds Citrix NetScaler Vulnerability to Known Exploited Vulnerabilities Catalog

240/68 Wednesday, July 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified vulnerability in Citrix NetScaler to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, tracked as CVE-2025-6543, has a CVSS score of 9.2 and is classified as a memory overflow flaw. If exploited, it could lead to unintended control of the system or a Denial-of-Service (DoS) attack. The vulnerability specifically affects systems configured as a Gateway or AAA Virtual Server, such as VPN Virtual Server, ICA Proxy, CVPN, or RDP Proxy.

The vulnerability impacts the following versions of NetScaler ADC and NetScaler Gateway:

  • NetScaler ADC 13.1-FIPS and NDcPP earlier than version 13.1-37.236-FIPS and NDcPP
  • NetScaler ADC and NetScaler Gateway 14.1 earlier than version 14.1-47.46
  • NetScaler ADC and NetScaler Gateway 13.1 earlier than version 13.1-59.19
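To turn the version list into a check an administrator can run against an inventory, here is an added example (written for this page, not code from CISA, Citrix or the source article). It assumes the `<release>-<build>[-FIPS|-NDcPP]` notation used in the list above and encodes the fixed builds from it; release lines the notice does not mention are reported as unknown rather than guessed.

```python
import re
from typing import Optional, Tuple

# Fixed builds taken from the affected-version list in the notice; any build of
# the same release line and variant below the listed one is affected.
FIXED_BUILDS = {
    ("13.1", "FIPS"): (37, 236),
    ("13.1", "NDcPP"): (37, 236),
    ("14.1", ""): (47, 46),
    ("13.1", ""): (59, 19),
}

# Assumed notation, e.g. "14.1-47.46" or "13.1-37.236-FIPS" (as written in the
# notice); this is not a parser for Citrix's own "show ns version" output.
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")


def parse_version(text: str) -> Tuple[str, Tuple[int, int], str]:
    """Split a version string into (release line, numeric build, variant)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    release, major, minor, variant = m.groups()
    return release, (int(major), int(minor)), variant or ""


def is_affected(version: str) -> Optional[bool]:
    """True if below the fixed build for its line, False if at or above it,
    None if the release line/variant is not covered by the notice."""
    release, build, variant = parse_version(version)
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        return None
    return build < fixed  # numeric tuple compare, so 13.1-6.x < 13.1-59.19


def assess(version: str, gateway_or_aaa_configured: bool) -> str:
    """Combine the build check with the configuration condition in the notice:
    only Gateway or AAA virtual-server deployments are in scope."""
    affected = is_affected(version)
    if affected is None:
        return "unknown: release line not listed in this notice"
    if not affected:
        return "fixed: build is at or above the patched build"
    if gateway_or_aaa_configured:
        return "vulnerable: Gateway/AAA vserver on an affected build, patch now"
    return "affected build, no Gateway/AAA vserver configured; update regardless"


if __name__ == "__main__":
    for v in ("14.1-47.45", "14.1-47.46", "13.1-37.235-FIPS", "12.1-55.1"):
        print(v, "->", assess(v, gateway_or_aaa_configured=True))
```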

CISA has mandated that all U.S. federal agencies address this vulnerability by July 21, 2025, in accordance with Binding Operational Directive (BOD) 22-01, to mitigate the risk of exploitation. Cybersecurity experts are also advising private sector organizations to inspect their systems and update accordingly based on the information provided in the KEV Catalog.

CISA had previously listed related vulnerabilities in Citrix NetScaler, including CVE-2023-6548 (Code Injection) and CVE-2023-6549 (Buffer Overflow), both of which were exploited as zero-day vulnerabilities. Citrix has released patches for all these issues and recommends that users promptly update to the latest secure versions to defend against potential future attacks.

Source: https://securityaffairs.com/179476/hacking/u-s-cisa-adds-citrix-netscaler-flaw-to-its-known-exploited-vulnerabilities-catalog.html