Citrix warns of exploitation of NetScaler devices through new bugs
Hackers are exploiting a new vulnerability affecting several NetScaler products used by companies to manage network traffic.
Citrix published an advisory on Wednesday about CVE-2025-6543, a vulnerability carrying a severity score of 9.2 out of 10 that affects its NetScaler ADC and NetScaler Gateway appliances. The company said exploits of the vulnerability “on unmitigated appliances have been observed.”
Citrix urged customers to install updated versions of the software.
The advisory follows concerns about two other NetScaler vulnerabilities, tagged as CVE-2025-5349 and CVE-2025-5777. In its advisory last week, Citrix did not say whether the bugs had already been exploited.
Researchers have speculated that the three bugs are likely connected, but Citrix did not respond to requests for comment.
Experts compared the vulnerabilities from last week to Citrix Bleed — a widely exploited bug in 2023 that was used by ransomware gangs and nation-states to attack dozens of government organizations and major companies including Boeing and Toyota.
Cybersecurity expert Kevin Beaumont, who dubbed the recent bugs “Citrix Bleed 2,” warned that thousands of NetScaler installations are exposed to the internet. CVE-2025-5349 and CVE-2025-5777 allow threat actors to read sensitive data that could be used to bypass multifactor authentication, he added.
The U.K.’s National Health Service released its own notice comparing the first two published vulnerabilities to Citrix Bleed, reiterating that the 2023 bug was heavily exploited by ransomware gangs.
CVE-2025-5777 could expose “sensitive information such as session tokens,” the NHS said.
“Attackers could use these tokens to hijack existing sessions, allowing access into the network, bypassing authentication controls such as multi-factor authentication (MFA),” they added.
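The session-hijack risk the NHS describes is something a defender can look for in access logs: a token that completed MFA from one client and is then presented by a different one. The following is an added example, not from the article, Citrix or the NHS. It is a small Python detector over a constructed, invented key=value log format (not NetScaler's own format); the token names, users and addresses are sample values made up for the demonstration.

```python
"""Flag session tokens that appear to have been hijacked.

Two checks are applied to each non-login request:
  1. client_mismatch: the token is used from a (source IP, user agent)
     pair different from the one that completed the login.
  2. no_login_seen: the token is used although no login for it was ever
     logged, i.e. the session was established elsewhere or replayed.

The log format, tokens, users and addresses below are constructed for
this example and are not NetScaler output.
"""
import re

# Constructed sample log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2025-06-25T10:00:01Z session=tok-a1b2 user=alice ip=203.0.113.10 ua=Mozilla/5.0 event=login mfa=ok
2025-06-25T10:00:45Z session=tok-a1b2 user=alice ip=203.0.113.10 ua=Mozilla/5.0 event=request path=/portal
2025-06-25T10:02:13Z session=tok-a1b2 user=alice ip=198.51.100.7 ua=curl/8.4 event=request path=/admin
2025-06-25T10:03:00Z session=tok-c3d4 user=bob ip=192.0.2.55 ua=Mozilla/5.0 event=login mfa=ok
2025-06-25T10:04:10Z session=tok-c3d4 user=bob ip=192.0.2.55 ua=Mozilla/5.0 event=request path=/portal
2025-06-25T10:05:00Z session=tok-e5f6 user=carol ip=192.0.2.9 ua=Mozilla/5.0 event=request path=/portal
"""

# key=value pairs; values in the constructed data contain no spaces.
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into a dict of fields plus its timestamp."""
    ts, _, rest = line.strip().partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def find_hijack_candidates(log_text):
    """Return a list of (session, reason, timestamp, (ip, ua)) alerts.

    The client that completed the login is recorded as the session's
    origin; any later use of the same token from a different client, or
    any use of a token that never logged in, is reported.
    """
    origin = {}   # session token -> (ip, ua) observed at login
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        sess = f.get("session")
        client = (f.get("ip"), f.get("ua"))
        if f.get("event") == "login":
            origin[sess] = client
            continue
        if sess not in origin:
            alerts.append((sess, "no_login_seen", f["ts"], client))
        elif origin[sess] != client:
            alerts.append((sess, "client_mismatch", f["ts"], client))
    return alerts


if __name__ == "__main__":
    for sess, reason, ts, client in find_hijack_candidates(SAMPLE_LOG):
        print(f"{ts} {sess}: {reason} from ip={client[0]} ua={client[1]}")
```

On the constructed log this reports `tok-a1b2` as a client mismatch (the token that logged in from 203.0.113.10 is later used from 198.51.100.7 with a different user agent) and `tok-e5f6` as used with no login seen. Binding a session to the client that authenticated it, and treating any mismatch as grounds to re-authenticate, is the server-side counterpart of this detection: a leaked token alone is then not enough to step past MFA.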
The original Citrix Bleed bug caused alarm among defenders because of how many hospitals and critical infrastructure organizations use NetScaler ADC and NetScaler Gateway.
The U.S. Cybersecurity and Infrastructure Security Agency warned more than 300 organizations in 2023 of their exposure to Citrix Bleed.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.