Citrix has released a critical security bulletin addressing a vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix NetScaler is an all-in-one load balancer, web application firewall (WAF), virtual private network (VPN) gateway and SSL offloading tool for web applications.
- CVE-2025-6543 is a ‘memory overflow’ vulnerability with a CVSSv4 base score of 9.2. Successful exploitation could allow a remote unauthenticated attacker to gain unintended control flow and perform denial-of-service (DoS) in NetScaler ADC and NetScaler Gateway. NetScaler is only vulnerable to CVE-2025-6543 when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Siemens Patches Vulnerabilities in SIMATIC CP, XHQ
June 23, 2017
Siemens patched two vulnerabilities in products commonly found in industrial control system setups this week. If exploited the flaws could allow an attacker to perform administrative actions or gain read access to sensitive data on affected systems. Siemens patched one issue (.PDF) on Tuesday and the other on Thursday (.PDF) this week. ICS-CERT, the Department of ...
- Virgin Media tells 800,000 users to change passwords over hub hacking risk
June 23, 2017
Virgin Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it. Virgin Media said the risk to customers with a Super Hub 2 router was small, but advised them to change both their network and router passwords if they were ...
- Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
June 14, 2017
As part of June’s Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month’s patch release also includes emergency patches for unsupported versions of Windows platform the company no longer officially supports to fix three Windows ...
- Hackers Started Using “SambaCry Flaw” to Hack Linux Systems
June 10, 2017
Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software (re-implementation of SMB networking protocol) that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article. At ...
- Group Behind NSA Dump That Led to WannaCry Opens 0-Day Exploit Subscription
May 30, 2017
Infamous hacking group Shadow Brokers has promised to release more zero-day exploits, such as the one that has made life a misery for some 300,000 people across the world via WannaCry. Now, the group isn’t just after wreaking havoc, but also after making some money, since the releases will be made for a special club ...
- Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication
May 30, 2017
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn’t it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google’s ...