Urgent: Dutch NCSC Warns of Exploited Citrix NetScaler Zero-Day Vulnerability

A serious flaw in Citrix NetScaler products has been exploited since May. Dutch NCSC warns of potential compromises and advises immediate patching.

The Dutch National Cyber Security Centre (NCSC) has issued an urgent warning about a critical vulnerability in Citrix NetScaler products. The flaw, identified as CVE-2025-6543, has been exploited as a zero-day since early May, affecting organisations including the Dutch Public Prosecution Service. The NCSC urges immediate action to mitigate the risk.

The vulnerability, a memory overflow flaw, can lead to unintended control flow and Denial of Service (DoS), and has been added to the U.S. CISA's Known Exploited Vulnerabilities (KEV) catalog. Affected versions include NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19, 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP, and 14.1 before 14.1-47.46.
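For inventory triage, the fixed builds listed above can be turned into a quick check. This is an added example, not code from the NCSC or Citrix; the version string formats, the hostnames, and detecting FIPS/NDcPP builds by a suffix in the string are all assumptions.

```python
import re

# First fixed build per release line, as listed in the article.
# Key: (release, is FIPS/NDcPP build) -> (build major, build minor)
FIXED_BUILDS = {
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),
    ("14.1", False): (47, 46),
}

# Assumed inventory formats: "13.1-58.32", "13.1-37.235-FIPS",
# "NS13.1: Build 58.32.nc"
_VERSION_RE = re.compile(r"(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)
_FIPS_RE = re.compile(r"FIPS|NDcPP", re.I)


def classify(version: str) -> str:
    """Return 'affected', 'fixed-build', 'not-listed' or 'unparsed'."""
    m = _VERSION_RE.search(version)
    if not m:
        return "unparsed"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get((release, bool(_FIPS_RE.search(version))))
    if fixed is None:
        return "not-listed"  # the article gives no fixed build for this line
    # Numeric tuple comparison: 59.2 sorts before 59.19, unlike a string compare
    return "affected" if build < fixed else "fixed-build"


def triage(inventory: dict) -> dict:
    """Map each host to the classification of its reported version."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and builds)
SAMPLE_INVENTORY = {
    "adc-01": "NS13.1: Build 58.32.nc",
    "adc-02": "13.1-59.19",
    "gw-01": "14.1-43.56",
    "gw-02": "14.1-47.46",
    "fips-01": "13.1-37.235-FIPS",
    "legacy-01": "12.1-55.328",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:26} {status}")
```

A `fixed-build` result only describes the current patch level; since exploitation dates back to early May, a host that was patched later still needs the IOC check.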

Organisations are advised to increase their security posture and apply the relevant patches immediately. If Indicators of Compromise (IOCs) are found, further investigation is needed, and assistance can be sought from [email protected]. The NCSC has released a detection script on GitHub to aid in identifying potential compromises.

CVE-2025-6543 allows remote code execution and has been used to compromise multiple critical organisations. While there are no publicly available verified reports indicating which other Dutch organisations were affected between May and August 2021, the NCSC warns that the flaw is being exploited in the Netherlands. Organisations using affected Citrix NetScaler products are strongly advised to take immediate action to protect their systems.
