Thousands of Citrix NetScaler instances are vulnerable to recently disclosed critical flaws, including a zero-day that is actively exploited in the wild. Prompt patching is essential to prevent potential control-flow issues, denial of service, and session hijacking attacks. #CVE-2025-5777 #CVE-2025-6543
Key points
- Critical vulnerabilities CVE-2025-5777 and CVE-2025-6543 affect Citrix NetScaler gateways and AAA servers.
- Exploitation can lead to out-of-bounds memory reads, control-flow issues, denial of service (DoS), and session hijacking.
- Over 69,000 deployed instances are Internet-exposed, with thousands vulnerable to these flaws.
- Security researchers and agencies warn of active exploitation and urge immediate patching.
- Discontinued NetScaler versions are also impacted, emphasizing the need for urgent updates.
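The points above boil down to one defender task: compare every NetScaler build in your inventory against the minimum fixed build for its release branch, and treat any appliance on a branch with no fix (a discontinued version) as needing replacement rather than a patch. The script below is an added example, not code from the original summary or from Citrix; it parses the build strings NetScaler reports (both the `14.1-43.56` form used in advisories and the `NS14.1: Build 43.56.nc` form printed by `show ns version`) and classifies each host. The fixed-build table and the host inventory are constructed placeholders: the page does not give fixed build numbers, so the real minimums for CVE-2025-5777 and CVE-2025-6543 must be taken from the vendor advisory and substituted in.

```python
"""Triage NetScaler build strings against a minimum-fixed-build table.

Added example (not vendor code). Fixed-build values below are placeholders.
"""
import re
from typing import Dict, Optional, Tuple

# Accepts "14.1-43.56", "NS14.1: Build 43.56.nc", "ns13.1 58.32.nc".
# Captures the release branch (major.minor) and the build/sub-build pair.
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<major>\d+)\.(?P<minor>\d+)[:\s-]+(?:Build\s+)?(?P<build>\d+)\.(?P<sub>\d+)",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build, subbuild)), e.g. ("14.1", (43, 56)), or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    branch = f"{m['major']}.{m['minor']}"
    return branch, (int(m["build"]), int(m["sub"]))


def assess(text: str, fixed: Dict[str, str]) -> str:
    """Classify one build string.

    Returns 'patched', 'vulnerable', 'unsupported-branch' (no fix exists for
    that release line, e.g. a discontinued version) or 'unparsed'.
    Build numbers are compared as (build, subbuild) tuples within a branch;
    builds are never compared across branches.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    branch, build = parsed
    if branch not in fixed:
        return "unsupported-branch"
    fixed_parsed = parse_version(fixed[branch])
    if fixed_parsed is None or fixed_parsed[0] != branch:
        raise ValueError(f"bad fixed-build entry for branch {branch}: {fixed[branch]!r}")
    return "patched" if build >= fixed_parsed[1] else "vulnerable"


def triage(inventory: Dict[str, str], fixed: Dict[str, str]) -> Dict[str, str]:
    """Map each host name to its assessment."""
    return {host: assess(version, fixed) for host, version in inventory.items()}


# PLACEHOLDER table (constructed, not the real fixed builds): one entry per
# supported release branch, giving the minimum build that carries the fix.
# Replace with the values from the vendor advisory before use.
EXAMPLE_FIXED = {
    "14.1": "14.1-50.1",
    "13.1": "13.1-60.1",
}

# Constructed sample inventory: host name -> build string as reported.
EXAMPLE_INVENTORY = {
    "gw-a.example.internal": "NetScaler NS14.1: Build 49.99.nc, Date: Jan 1 2025",
    "gw-b.example.internal": "14.1-50.1",
    "gw-c.example.internal": "NS13.1: Build 61.3.nc",
    "gw-d.example.internal": "NS12.1: Build 65.25.nc",  # branch with no fix in the table
    "gw-e.example.internal": "unknown",                  # inventory record is unusable
}


if __name__ == "__main__":
    for host, status in sorted(triage(EXAMPLE_INVENTORY, EXAMPLE_FIXED).items()):
        print(f"{host:28} {status}")
```

Hosts reported as `vulnerable` need the fixed build; `unsupported-branch` hosts are on a release line the table does not cover, which is exactly the discontinued-version case and calls for an upgrade to a supported branch, not a wait for a patch; `unparsed` rows mean the inventory itself is unreliable and should be re-collected before the exposure count is trusted.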