In a troubling cybersecurity development, Dutch authorities have reported that hackers successfully infiltrated critical infrastructure through vulnerabilities present in Citrix's NetScaler products. This serves as a stark reminder of the significant risks that remain for organizations using outdated systems.
"Several critical organizations in the Netherlands have been successfully attacked" said the Dutch National Cyber Security Centre (NCSC), pointing to the memory-overflow vulnerability associated with both NetScaler ADC and NetScaler Gateway. The vulnerability is classified as CVE-2025-6543 and has been rated critical due to its potential impact.
"Several critical organizations in the Netherlands have been successfully attacked"
Career Journey
These hacks reportedly began in early May, predating Citrix’s public disclosure of the flaw on June 25, highlighting the sophisticated means employed by the attackers. The NCSC noted that the assailants used advanced techniques to erase evidence of their incursions, stating, "The investigation is ongoing, but it can now be concluded that perhaps not all questions about this digital attack can be answered."
Citrix also revealed a related vulnerability in June, known as CVE-2025-5777, which is similarly rated as critical. Data from the Shadowserver Foundation indicates that globally, over 3,300 NetScaler instances are susceptible to CVE-2025-5777, while more than 4,100 are vulnerable to CVE-2025-6543. "We see exploitation attempts for both vulnerabilities in our sensors," the foundation noted via social media, underscoring the growing threat.
"We see exploitation attempts for both vulnerabilities in our sensors,"
The implications of these incidents extend beyond the borders of the Netherlands, raising concerns about potentially similar breaches in the United States. According to the Shadowserver Foundation, approximately 1,300 NetScaler instances in the U.S. remain susceptible to at least one of the vulnerabilities.
Experts from Reliaquest expressed concerns about the gravity of the situation shortly after Citrix disclosed the second vulnerability. Their insights signal a broader call for urgency among organizations still reliant on NetScaler products.
The Cybersecurity and Infrastructure Security Agency (CISA) has recognized the imminent threat posed by these vulnerabilities, adding them to its Known Exploited Vulnerabilities catalog. The agency is working closely with Citrix and various partners to evaluate the extent of the problem. "CISA continues to urge all organizations to reduce their exposure to possible cyberattacks by immediately patching this vulnerability, if they haven’t done so already," remarked Chris Butera, the agency's acting executive assistant director for cybersecurity.
"CISA continues to urge all organizations to reduce their exposure to possible cyberattacks by immediately patching this vulnerability, if they haven’t done so already,"
"Given the widespread use of Citrix NetScaler ADC and Gateway systems," he continued, emphasizing the necessity of prompt action in light of the potential consequences of these flaws.
"Given the widespread use of Citrix NetScaler ADC and Gateway systems,"
The recent breaches in the Netherlands are a critical reminder of the cybersecurity landscape's volatility. Experts worry that such vulnerabilities could catalyze a surge of malicious attacks comparable to other significant cyber incidents witnessed in recent years. Organizations must remain vigilant and proactive in addressing these flaws to safeguard their critical infrastructure.
In light of these events, the need for organizations to implement timely security patches and maintain awareness of emerging vulnerabilities cannot be overstated. As the investigation unfolds, ensuring digital resilience remains a top priority for cybersecurity professionals.