CVE-2025-6543, a critical Citrix NetScaler vulnerability, has been actively exploited as a zero-day since May 2025, allowing remote code execution through memory overflow attacks. Although Citrix initially described it as merely causing denial of service, the vulnerability has led to widespread compromise of government and legal services worldwide, with attackers deploying webshells and maintaining persistent access even after patching. NCSC Netherlands revealed the true scope of the attacks, showing that threat actors exploited client certificate handling to overwrite memory and execute code, while Citrix failed to communicate transparently with customers about the severity and the active exploitation.

From doublepulsar.com
Table of contents
Case: Citrix vulnerability (Update 13-08-2025)
So what’s going on really?
Hunting
citrix-2025/live-host-bash-check/TLPCLEAR_check_script_cve-2025-6543-v1.8.sh at main ·…
citrix-2025/core-dump-checks at main · NCSC-NL/citrix-2025
