Particle.news

Dutch National Cyber Security Centre Confirms NetScaler Zero-Day Breaches

NCSC-NL cautions that patches alone cannot remove implanted web shells on NetScaler devices, requiring organizations to pursue comprehensive remediation.

Overview

  • The Netherlands National Cyber Security Centre confirmed that CVE-2025-6543 was exploited as a zero-day from early May to breach multiple critical organizations and that attackers actively removed forensic evidence.
  • Investigators discovered malicious web shells on compromised Citrix NetScaler appliances, indicating that threat actors maintain persistent remote access.
  • Security groups report thousands of NetScaler devices remain unpatched against CVE-2025-6543 and the related CitrixBleed 2 flaw (CVE-2025-5777), leaving high-value internet-facing gateways exposed.
  • The U.S. Cybersecurity and Infrastructure Security Agency added both CVE-2025-6543 and CVE-2025-5777 to its Known Exploited Vulnerabilities catalog, heightening compliance requirements for federal entities.
  • NCSC-NL and Citrix advise organizations to apply updates, terminate active sessions, run IOC-hunting scripts and engage incident response teams to eliminate existing compromises as investigations continue.