U.S. CISA Adds Citrix NetScaler Flaw to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken action against a critical vulnerability in Citrix NetScaler, adding it to its Known Exploited Vulnerabilities (KEV) catalog. The move is aimed at protecting federal agencies and private organizations from potential attacks exploiting this flaw.

About the Vulnerability

CVE-2025-6543, a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway, has been added to the KEV catalog. This vulnerability can lead to unintended control flow and potentially cause a Denial of Service (DoS), disrupting service availability.

The flaw affects supported versions of NetScaler ADC and NetScaler Gateway configured as Gateways (e.g., VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers. Citrix has warned customers to install security updates to address this vulnerability, emphasizing that exploits have been observed on unmitigated appliances.

Consequences of the Vulnerability

The impact of CVE-2025-6543 is significant, with a CVSS score of 9.2. This rating indicates a high-severity vulnerability whose exploitation can cause significant damage. Organizations that fail to address it may face disruptions to their services, compromising national security and critical infrastructure.

Federal Agencies Required to Take Action

Federal agencies are required to fix the vulnerability by July 21, 2025. The deadline follows from CISA's Binding Operational Directive (BOD) 22-01, which requires agency heads to remediate vulnerabilities listed in the KEV catalog by their due dates. Private organizations are also urged to review the KEV catalog and address the listed vulnerabilities in their infrastructure.
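Reviewing the KEV catalog against an asset inventory is straightforward to automate. The following Python is an added example (not part of the article and not a CISA or Citrix tool): it reads JSON in the shape of CISA's public KEV feed (a top-level "vulnerabilities" array whose entries carry cveID, vendorProject, product, dateAdded and dueDate), matches entries to products in a local inventory, and reports each applicable CVE with its BOD 22-01 due date. The feed excerpt and the inventory are constructed for illustration; only the July 21, 2025 deadline for CVE-2025-6543 comes from the article, and the other dates are assumed values.

```python
"""Check an asset inventory against a CISA KEV-shaped JSON feed.

Added example; not from the article, CISA or Citrix. The real feed lives at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and can be passed to load_kev() as text in place of the constructed sample.
"""
import json
from datetime import date, datetime

# Constructed excerpt shaped like the KEV feed. The dueDate of CVE-2025-6543
# is the July 21, 2025 deadline from the article; every other date, and the
# non-Citrix entry, are assumed values used only to exercise the logic.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-6543", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "dateAdded": "2025-06-30", "dueDate": "2025-07-21"},
        {"cveID": "CVE-2023-6548", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "dateAdded": "2024-01-17", "dueDate": "2024-01-24"},
        {"cveID": "CVE-2023-6549", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "dateAdded": "2024-01-17", "dueDate": "2024-01-24"},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
         "product": "Example Firewall",
         "dateAdded": "2025-06-01", "dueDate": "2025-06-22"},
    ],
})

# Constructed inventory: hostnames and products are placeholders.
SAMPLE_INVENTORY = [
    {"host": "gw1.example.internal", "vendor": "Citrix", "product": "NetScaler Gateway"},
    {"host": "lb2.example.internal", "vendor": "Citrix", "product": "NetScaler ADC"},
    {"host": "edge1.example.internal", "vendor": "OtherVendor", "product": "Edge Router"},
]


def load_kev(feed_text: str) -> list:
    """Return the list of catalog entries from KEV-shaped JSON text."""
    return json.loads(feed_text)["vulnerabilities"]


def _norm(text: str) -> str:
    """Lower-case and collapse whitespace so vendor/product strings compare loosely."""
    return " ".join(text.lower().split())


def entry_applies(entry: dict, asset: dict) -> bool:
    """An entry applies when vendors match and the asset's product name
    appears inside the catalog's (often compound) product string."""
    if _norm(entry["vendorProject"]) != _norm(asset["vendor"]):
        return False
    return _norm(asset["product"]) in _norm(entry["product"])


def review_inventory(entries: list, inventory: list, today: date) -> list:
    """Cross-reference catalog entries with inventory assets.

    Returns one finding per (CVE, host) pair with the days remaining until the
    BOD 22-01 due date (negative when already overdue), most urgent first.
    """
    findings = []
    for entry in entries:
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        for asset in inventory:
            if entry_applies(entry, asset):
                findings.append({
                    "cve": entry["cveID"],
                    "host": asset["host"],
                    "due": entry["dueDate"],
                    "days_remaining": (due - today).days,
                })
    findings.sort(key=lambda f: (f["days_remaining"], f["cve"], f["host"]))
    return findings


def format_finding(finding: dict) -> str:
    """Render a finding as a one-line remediation status."""
    days = finding["days_remaining"]
    status = f"OVERDUE by {-days} days" if days < 0 else f"due in {days} days"
    return f"{finding['host']}: {finding['cve']} ({status}, deadline {finding['due']})"


if __name__ == "__main__":
    for f in review_inventory(load_kev(SAMPLE_KEV_FEED), SAMPLE_INVENTORY, date(2025, 7, 1)):
        print(format_finding(f))
```

Matching is deliberately loose (vendor equality plus product substring), which suits the KEV feed's compound product strings such as "NetScaler ADC and NetScaler Gateway"; a production version would add version-range checks from the vendor advisory, since the catalog itself does not carry affected versions.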

Previous Vulnerabilities Added to KEV Catalog

In January 2024, CISA added two other Citrix NetScaler vulnerabilities (CVE-2023-6548 and CVE-2023-6549) to its KEV catalog. These zero-day vulnerabilities were actively exploited on unmitigated appliances, and Citrix urged customers to install updated versions as soon as possible.

CISA's efforts to address these vulnerabilities demonstrate the agency's commitment to protecting critical infrastructure from cyber threats. Organizations must take immediate action to patch these vulnerabilities and prevent potential disruptions to their services.

Stay Informed

For more information on this vulnerability, visit CISA's KEV catalog. Follow Security Affairs on Twitter (@securityaffairs), Facebook and Mastodon for the latest updates on cybersecurity threats and expert analysis on staying safe in the digital world.