Kevin BeaumontAug 28, 2025

New by me: Citrix forgot to tell you there was a zero day RCE vulnerability used widely since at least May in Netscaler.

Nobody released any technical information until now.

It has been used to pop "critical" organisations in the Netherlands and worldwide.

What to do:

https://doublepulsar.com/citrix-forgot-to-tell-you-cve-2025-6543-has-been-used-as-a-zero-day-since-may-2025-d76574e2dd2c

Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025

A look into what action Netscaler customers need to take ASAP.

Medium
ApewearingasuitSep 1, 2025
Show threadKevin Beaumont
Another by me: webshell backdoors on Netscalers, part one. https://doublepulsar.com/citrix-netscaler-backdoors-part-one-may-2025-activity-against-governments-f48037199c3f
Citrix Netscaler backdoors — Part One — May 2025 activity against governments

A look at initial access and webshell deployment earlier this year.

Medium
Sep 1, 2025 at 8:17amWeb