Netherlands: Citrix NetScaler flaw CVE-2025-6543 exploited to breach orgs

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.

The critical flaw is a memory overflow bug that allows unintended control flow or a denial of service state on impacted devices.

"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server," explains Citrix's advisory.

Citrix issued a bulletin about the flaw on June 25, 2025, warning that the following versions were vulnerable to ongoing attacks:

14.1 before 14.1-47.46

13.1 before 13.1-59.19

13.1-FIPS and 13.1-NDcPP before 13.1-37.236

12.1 and 13.0 → End-of-Life but still vulnerable (no fixes provided, upgrade to a newer release recommended)
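
The version list above can be turned into an inventory check. The following is an added example, not code from Citrix or the NCSC; the hostnames, the sample builds, the `edition` parameter and the "NS14.1: Build 47.46.nc" banner shape are assumptions.

```python
import re

# First fixed build per branch, taken from the version list above.
FIXED = {
    ("14.1", "standard"): (47, 46),
    ("13.1", "standard"): (59, 19),
    ("13.1", "fips"): (37, 236),  # covers 13.1-FIPS and 13.1-NDcPP
}
EOL = {"12.1", "13.0"}  # end-of-life: vulnerable, no fix provided

# Accepts "14.1-47.46" (the notation used above) or
# "NS14.1: Build 47.46.nc" (assumed shape of the appliance version banner).
_PATTERN = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)

def assess(version, edition="standard"):
    """Return 'vulnerable', 'fixed', 'eol-vulnerable' or 'unknown'."""
    m = _PATTERN.search(version)
    if not m:
        return "unknown"
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if branch in EOL:
        return "eol-vulnerable"
    fixed = FIXED.get((branch, edition))
    if fixed is None:
        return "unknown"
    # Compare as integer pairs: as text, "47.9" would sort after "47.46".
    return "vulnerable" if build < fixed else "fixed"

def triage(inventory):
    """Map host -> verdict for every host that is not on a fixed build."""
    return {host: verdict for host, (ver, ed) in inventory.items()
            if (verdict := assess(ver, ed)) != "fixed"}

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "gw-ams-01": ("NS14.1: Build 47.46.nc", "standard"),
    "gw-ams-02": ("14.1-47.9", "standard"),
    "gw-fips-01": ("13.1-37.236", "fips"),
    "gw-rtm-01": ("13.1-37.236", "standard"),
    "gw-old-01": ("13.0-92.31", "standard"),
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, verdict)
```

A "fixed" verdict only describes the running build; it says nothing about whether the appliance was breached before it was upgraded.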

While the flaw was initially thought to be exploited in denial of service (DoS) attacks, the NCSC's warning now indicates that the attackers exploited it to achieve remote code execution.

The NCSC's warning about CVE-2025-6543 confirms that hackers have leveraged the flaw to breach multiple entities in the country, and then wiped traces of the attacks to eliminate evidence of the intrusions.