Patches Released for Critical Vulnerabilities in Citrix NetScaler and Cisco ISE

Recent security disclosures have highlighted serious vulnerabilities in two widely used enterprise networking solutions: Citrix’s NetScaler ADC and Cisco’s Identity Services Engine (ISE). These flaws pose significant risks, including potential system disruptions and unauthorized access, prompting urgent updates from both vendors.

Critical Flaw in NetScaler ADC

Citrix has released an advisory regarding a severe security vulnerability affecting its NetScaler ADC and Gateway products. This flaw, identified as CVE-2025-6543, involves a memory overflow that could enable attackers to cause a denial-of-service (DoS) or, in some cases, execute malicious code on the device.

The vulnerability affects systems configured as a Gateway (used for VPN, remote desktop, or proxy services). Attackers exploiting this flaw could potentially crash the device or run malicious code, leading to service outages or unauthorized control of the system. Exploits have already been observed in real-world scenarios.

Affected Versions

Affected versions include:

  • NetScaler ADC and Gateway before 14.1-47.46
  • NetScaler ADC and Gateway before 13.1-59.19
  • Certain FIPS and NDcPP builds prior to 13.1-37.236

Older versions, such as 12.1 and 13.0, are no longer supported and are inherently vulnerable.

Citrix recommends updating affected systems to the latest supported versions that contain patches for this vulnerability:

  • NetScaler ADC and Gateway 14.1-47.46 and later
  • NetScaler ADC and Gateway 13.1-59.19 and later
  • Specific FIPS and NDcPP builds

Organizations running unsupported versions should plan to upgrade as soon as possible to avoid potential exploitation.
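The following Python check is an added example, not code from Citrix or from the original article. It compares NetScaler build strings against the fixed builds listed above for CVE-2025-6543. The accepted input formats, the `fips` flag, and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed builds for CVE-2025-6543, copied from the version lists above.
# Key: (branch, is_fips_or_ndcpp) -> first fixed (major, minor) build.
FIXED = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True): (37, 236),
}
EOL_BRANCHES = {"12.1", "13.0"}  # no longer supported; treated as vulnerable above

# Assumed input shapes: "14.1-43.56" or "NetScaler NS13.1: Build 58.32.nc".
VERSION_RE = re.compile(r"(\d+\.\d+)\D+?(\d+)\.(\d+)")


def assess(version, fips=False):
    """Return 'patched', 'vulnerable', 'unsupported' or 'unknown'."""
    m = VERSION_RE.search(version)
    if not m:
        return "unknown"
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if branch in EOL_BRANCHES:
        return "unsupported"
    fixed = FIXED.get((branch, fips))
    if fixed is None:
        return "unknown"  # branch not covered by the lists above
    # Integer tuples, not strings: 47.9 is older than 47.46.
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Return {host: status} for every appliance that is not patched."""
    findings = {}
    for host, (version, fips) in inventory.items():
        status = assess(version, fips)
        if status != "patched":
            findings[host] = status
    return findings


# Constructed sample inventory: host -> (reported version, FIPS/NDcPP build?)
SAMPLE_INVENTORY = {
    "gw-01.example.internal": ("NetScaler NS14.1: Build 47.46.nc", False),
    "gw-02.example.internal": ("14.1-47.9", False),
    "gw-03.example.internal": ("13.1-37.236", True),
    "gw-04.example.internal": ("13.0-92.21", False),
    "gw-05.example.internal": ("NS13.1: Build 58.32.nc", False),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```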

Learn more in Citrix’s official security bulletin.

Flaws in Identity Services Engine (ISE)

Cisco has also released patches for two critical vulnerabilities affecting its Identity Services Engine (ISE), a platform widely used for managing network security and access.

  • Authorization Bypass – This flaw, tracked as CVE-2025-20264, allows an attacker with valid credentials to bypass authorization controls, potentially modifying system settings or causing system restarts. The vulnerability arises from insufficient enforcement of access controls when Cisco ISE is integrated with external identity providers via SAML SSO.
  • Remote Code Execution – More concerning are two flaws (tracked as CVE-2025-20281 and CVE-2025-20282) that could enable an attacker to execute arbitrary commands or upload malicious files without authentication. These vulnerabilities could allow malicious actors to gain root-level control over the affected system, making them highly dangerous.

These vulnerabilities affect Cisco ISE versions 3.3 and later (for the authorization bypass) and version 3.4 (for remote code execution). Cisco has released patches for these issues, and updating to the recommended versions is essential to maintaining security.

Organizations should review their Cisco ISE deployments and apply the latest software updates. Systems running older, unsupported versions remain at risk.

Exploiting these flaws could lead to significant disruptions:

  • Unauthorized control of network devices
  • Service outages affecting business operations
  • Potential exposure of sensitive data

Because exploits are actively being used in some cases, prompt action is advised for organizations relying on affected products.

Maintaining network security requires regular updates and vigilance. If your organization uses Citrix NetScaler ADC or Cisco ISE, verify your system versions and apply available patches without delay. The key is ensuring your network equipment is running the latest software.

To learn more and stay up to date with Cisco updates and patches, visit Cisco’s security advisories page.

