Patch now! DoS attacks on Citrix NetScaler ADC and Gateway observed
Under certain conditions, Citrix NetScaler ADC and Gateway are vulnerable. Attackers are currently exploiting this.
Attackers are currently targeting a “critical” vulnerability in Citrix NetScaler ADC and Gateway and are attacking instances. Security updates are available. However, support has expired for some versions.
Vulnerable versions
In a security advisory, the developers state that the following versions are affected by the vulnerability (CVE-2025-6543 / EUVD-2025-19085, CVSS 9.2, risk “critical”):
- NetScaler ADC and NetScaler Gateway 14.1
- NetScaler ADC and NetScaler Gateway 13.1
- NetScaler ADC 13.1-FIPS and NDcPP
- NetScaler ADC and NetScaler Gateway 13.0
- NetScaler ADC and NetScaler Gateway 12.1
Versions 13.1-37.236-FIPS and NDcPP, 13.1-59.19 and 14.1-47.46 are protected against the current attacks. Support for versions 12.1 and 13.0 has expired and there are no more security updates. These editions therefore remain vulnerable, and admins must upgrade to a version that is still supported.
Admins of on-premise instances should install the updates immediately. According to Citrix, the cloud instances managed by Citrix are already secured. The developers point out that Secure Private Access on-prem or Secure Private Access hybrid implementations that use NetScaler instances are also affected by the vulnerability.
Background
The developers state that instances are only vulnerable if NetScaler is configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server. If this is the case, attackers can trigger memory errors in an unspecified way, which leads to denial-of-service conditions. The extent of the attacks is currently unknown.
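The two conditions above (a fixed build per branch, and a gateway or AAA role in the configuration) combine into a quick triage check. The script below is an added example, not Citrix's own tooling; it assumes version strings shaped like "13.1-59.19" with an optional "-FIPS"/"-NDcPP" suffix, that the exposed roles appear in the running config as `add vpn vserver` / `add authentication vserver` lines, and the sample config is constructed.

```python
"""Triage helper for CVE-2025-6543 on NetScaler ADC / Gateway (added example, not Citrix code)."""
import re

# Minimum fixed builds per branch, taken from the advisory summary above.
FIXED_BUILDS = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),   # 13.1-FIPS and NDcPP
}
END_OF_LIFE = {"12.1", "13.0"}   # no further security updates; upgrade

# Assumption: these config verbs mark the exposed roles (VPN/ICA/CVPN/RDP proxy, AAA).
EXPOSED_PATTERNS = (
    re.compile(r"^add vpn vserver\b"),
    re.compile(r"^add authentication vserver\b"),
)

# Constructed sample of a running config with a VPN and an AAA virtual server.
SAMPLE_CONFIG = """\
add lb vserver web_lb HTTP 10.0.0.10 80
add vpn vserver gw_vs SSL 10.0.0.20 443 -icaOnly ON
add authentication vserver aaa_vs SSL 10.0.0.21 443
"""


def parse_version(text):
    """Return (branch, (major, minor), fips) from e.g. '13.1-37.236-FIPS'."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)(-FIPS|-NDcPP)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3))), m.group(4) is not None


def exposed_roles(running_config):
    """Config lines that put the appliance in a gateway or AAA role."""
    lines = (ln.strip() for ln in running_config.splitlines())
    return [ln for ln in lines if any(p.match(ln) for p in EXPOSED_PATTERNS)]


def assess(version, running_config):
    """Classify an instance as 'patched', 'not exposed', 'vulnerable' or 'unsupported'."""
    branch, build, fips = parse_version(version)
    if not exposed_roles(running_config):
        return "not exposed"          # no gateway/AAA vserver configured
    if branch in END_OF_LIFE:
        return "unsupported"          # 12.1 / 13.0: no fix is coming
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        raise ValueError(f"no fixed build known for branch {branch} (fips={fips})")
    return "patched" if build >= fixed else "vulnerable"
```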
Just a few days ago, the manufacturer of network products made headlines with CitrixBleed 2.
(des)