Netherlands: Exploitation of Citrix NetScaler Vulnerability CVE-2025-6543 Leads to Breaches in Organizations
The Netherlands’ National Cyber Security Centre (NCSC) has issued a warning about a critical vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, which has been exploited to breach several critical organisations in the country. The vulnerability is a memory overflow bug that can lead to unintended control flow or a denial-of-service state on affected devices. Citrix’s advisory explains that the flaw affects NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Citrix released a bulletin on June 25, 2025, detailing the vulnerable versions, including 14.1 before 14.1-47.46, 13.1 before 13.1-59.19, and others, with older versions like 12.1 and 13.0 being end-of-life but still vulnerable.
The NCSC’s warning indicates that the vulnerability was initially thought to be exploited for denial of service (DoS) attacks, but it has since been confirmed that attackers used it for remote code execution. The NCSC has determined that multiple critical organisations in the Netherlands have been successfully attacked via CVE-2025-6543, with evidence of the intrusions actively removed by the attackers. These attacks reportedly began in early May, nearly two months prior to Citrix’s bulletin, allowing the flaw to be exploited as a zero-day for an extended period. Although specific organisations were not named, the Openbaar Ministerie (OM), the Public Prosecution Service of the Netherlands, disclosed a compromise on July 18, which was discovered following an NCSC alert. To mitigate the risks associated with CVE-2025-6543, organisations are advised to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway and to terminate all active sessions after applying the updates.
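The version thresholds and the upgrade-then-terminate-sessions advice above can be turned into an inventory triage. The following is an added example, not code from Citrix or the NCSC; the accepted version-string layouts, the host names and the sample builds are constructed assumptions, and only the branches named on this page are modelled.

```python
import re

# Fixed builds per branch, as listed on this page. Build lines covered only by
# the page's "and others" are not modelled; check those against the bulletin.
FIXED = {(14, 1): (47, 46), (13, 1): (59, 19)}
# Branches the page names as end-of-life but still vulnerable.
EOL = {(12, 1), (13, 0)}

# Accepts "14.1-43.56", "13.1 build 58.32" or "NS14.1: Build 47.46.nc".
# These layouts are an assumption of this example.
VERSION_RE = re.compile(
    r"(?:NS)?(\d+)\.(\d+)\s*(?:-|:?\s*build\s+)\s*(\d+)\.(\d+)", re.IGNORECASE
)

ACTIONS = {
    "vulnerable": "upgrade, then terminate all active sessions",
    "eol-vulnerable": "end-of-life branch: move to a supported fixed build",
    "fixed": "confirm sessions were terminated after the update",
    "unknown": "check the Citrix bulletin manually",
}

def classify(version):
    """Return 'vulnerable', 'fixed', 'eol-vulnerable' or 'unknown'."""
    m = VERSION_RE.search(version)
    if not m:
        return "unknown"
    major, minor, b1, b2 = map(int, m.groups())
    branch, build = (major, minor), (b1, b2)
    if branch in EOL:
        return "eol-vulnerable"
    if branch not in FIXED:
        return "unknown"
    # Compare as integer tuples: 47.5 is older than 47.46, which a string
    # or float comparison would get wrong.
    return "fixed" if build >= FIXED[branch] else "vulnerable"

def triage(inventory):
    """Map each host to (classification, action advised on this page)."""
    return {h: (classify(v), ACTIONS[classify(v)]) for h, v in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and builds).
    sample = {"gw-ams-01": "NS14.1: Build 43.56.nc", "gw-rtm-02": "13.1-59.19",
              "gw-old-03": "12.1-65.25", "gw-utr-04": "14.1-47.5"}
    for host, (state, action) in triage(sample).items():
        print(f"{host}: {state} -> {action}")
```

Because exploitation predates the bulletin, a "fixed" result says only that the build is patched, not that the device was never compromised.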
Categories: Cybersecurity Vulnerabilities, Remote Code Execution, Organizational Impact
Tags: Citrix, NetScaler, Vulnerability, CVE-2025-6543, Memory Overflow, Remote Code Execution, Denial of Service, NCSC, Zero-Day, Organizations