Citrix bleeds again: This time a zero-day exploited - patch now
theregister.co.uk

Hot on the heels of patching a critical bug in Citrix-owned NetScaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.
This new critical vulnerability, tracked as CVE-2025-6543, received a 9.2 severity score. It's a memory overflow vulnerability that can lead to unintended control flow and denial of service when the affected security appliances are configured as a gateway virtual server or an authentication, authorization, and accounting (AAA) virtual server.
It affects:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19
- NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP
- End-of-life NetScaler ADC and Gateway versions 12.1 and 13 ...
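To triage an appliance inventory against the fixed builds listed above, a check along these lines can be used. It is an added example, not code from the article or from Citrix; the function name, the `edition` parameter, the accepted build-string formats, the reading of "13" as release 13.0 and the sample inventory are all assumptions made for illustration.

```python
import re

# First fixed build per (release, edition), taken from the list above.
FIXED = {
    ("14.1", "standard"): (47, 46),
    ("13.1", "standard"): (59, 19),
    ("13.1", "fips"): (37, 236),  # 13.1-FIPS and NDcPP
}
# Listed as affected and end-of-life; the list gives no fixed build for these.
# Assumption: "13" in the list means release 13.0.
EOL = {"12.1", "13.0"}

# Assumed input formats: "14.1-43.50" or "NS13.1: Build 59.19.nc".
_VER = re.compile(r"(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)

def check_build(version, edition="standard"):
    """Return 'fixed', 'vulnerable', 'eol' or 'unknown' for a build string."""
    m = _VER.search(version)
    if not m:
        return "unknown"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    if release in EOL:
        return "eol"
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unknown"  # release/edition not covered by the list
    # Tuple comparison orders builds numerically: (43, 50) < (47, 46).
    return "fixed" if build >= fixed else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory: (host, reported version, edition).
    inventory = [
        ("gw-01", "NS14.1: Build 43.50.nc", "standard"),
        ("gw-02", "14.1-47.46", "standard"),
        ("gw-03", "13.1-37.235", "fips"),
        ("gw-04", "12.1-65.15", "standard"),
    ]
    for host, version, edition in inventory:
        print(f"{host}: {version} ({edition}) -> {check_build(version, edition)}")
```

The edition has to be supplied by the caller because a 13.1 build number alone does not say whether the appliance runs the FIPS/NDcPP image.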
Copyright of this story solely belongs to theregister.co.uk.