Knowledge base

August 10, 2025

Citrix NetScaler hack at prosecutor’s office

 

Recently, the Public Prosecutor’s Office (OM) was hit hard by a serious security threat: a vulnerability in Citrix NetScaler, also known as Citrix Bleed 2, appears to have been actively exploited. Thanks to rapid embedding, the OM decided to completely disconnect its internal systems from the Internet – a drastic but necessary measure to prevent further damage. This incident underscores how crucial it is for Dutch organizations to proactively secure their remote access infrastructure in compliance with AVG, NEN7510 and ISO standards.

Governance and Lifecycle Management for Power BI

At ALTA-ICT, we combine compliance (ISO27001, NEN7510) with practical automation, so you benefit directly from:

  • ISO certified patch strategy

  • Measurable result: < 24-hour patch cycle + IoC detection

  • Dutch specialization: tailored advice for governments, SMEs and healthcare

  • Unique differentiator: 24/7 monitoring & automatic session termination

Read on to learn how to get your organization ready for such threats.

 

What happened?

Several critical vulnerabilities were discovered in Citrix NetScaler ADC and Gateway systems in June-July 2025. Specifically affected are CVE-2025-5777 (“Citrix Bleed 2”) and CVE-2025-6543. These can lead to data theft, session takeover and even complete system compromise.

CVE-2025-5777 (“Citrix Bleed 2”).

  • Allows attackers to extract session tokens and sensitive data from memory without authentication.

  • Recommended patch versions: 14.1-43.56, 13.1-58.32, FIPS variants.

  • Already actively abused before public disclosure.

CVE-2025-6543 (zero-day)

  • Memory overflow with potential for code execution and denial-of-service.

  • Crucial patch versions: 14.1-47.46+, 13.1-59.19+, FIPS variants.

  • Exploits are confirmed in the wild before patch release.

Impact on OM:

  • OM shut its systems offline in July after indications of abuse.

  • Employees could not work remotely; files were partially inaccessible.

  • Director IV-OM confirmed that the vulnerability was actually abused.

  • VVD asked parliamentary questions about patch timing.

NCSC and DIVD approach:

  • NCSC published advice on patching + monitoring for Indicators of Compromise (IoC).

  • DIVD supports with scans and notifications.

 

How can you respond? Implementation steps

  1. Inventory: Identify all Citrix devices and verify versions.

  2. Patching: Upgrade to 14.1-47.46+, 13.1-59.19+, FIPS variants.

  3. Ending sessions & resetting passwords.

  4. IoC verification & forensics.

  5. Governance & monitoring: 24/7 monitoring, segmentation, defense-in-depth.

  6. Communication and awareness: inform board, patch policy < 24 hours.

 

Challenges & Dutch context

  • Zero-day abuse before publication.

  • Delay due to bureaucracy.

  • Forensically difficult due to erased traces.

  • Cost & capacity shortages in SMEs.

Our approach:

  • ISO27001/NEN7510 certified processes.

  • AVG-compliant incident response.

  • Scalable monitoring for SMEs.

  • Governance & risk management support.

 

ROI: cost-benefits & cases

  • Cost savings: automatic patching and session management reduces incident costs to < 30%.

  • Case OM: major productivity and reputational damage.

  • Customer example: patched within 24 hours, uptime 99.9%.

 

 

Our ALTA-ICT approach

  • Certifications & processes: ISO27001, NEN7510, AVG.

  • Automation: patches, session kills, IoC scans within 24 hours.

  • Monitoring: real-time detection, segmentation.

  • Support: 24/7 incident response, forensics.

  • Personal support: Dutch-language consultations & cooperation with NCSC/DIVD.

 

Frequently Asked Questions

1. Which Citrix versions are vulnerable?
Anything under 14.1-47.46, 13.1-59.19 or the equivalent FIPS versions. Older releases should be upgraded or replaced immediately.

2. Don’t I keep access if I end sessions?
Yes, temporarily. But this is necessary to stop unwanted access. After re-logging in, everyone can work again.

3. What does ALTA-ICT do that others don’t?
ISO27001/NEN7510 certified approach, automatic patch & session management < 24h, 24/7 monitoring and Dutch industry expert advice.

4. What if I don’t use Citrix?
Also check other remote access and edge devices for vulnerabilities. Patch immediately and scan regularly.

5. When is a patch effective?
Immediately after installation, provided sessions are also terminated and monitoring is enabled.

 

Conclusion

The Citrix NetScaler incidents show: patching is not enough. You need patching fast, organized and monitoring. ALTA-ICT helps organizations in the Netherlands with an ISO-certified, practical and compliance-focused approach.

Contact us today for a free consultation, and prevent your organization from having to go offline due to outdated systems.

 

Reference

¹https://www.linkedin.com/posts/altaict_cybersecurity-patchmanagement-modernewerkplek-activity-7351954386786369536-jSLJ

²https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid

³https://www.nfir.nl/citrix-netscaler-kwetsbaarheid-cve-2025-5777-citrix-bleed-2/

Want to know more?

Get in touch
ALTA-ICT visual over Citrix NetScaler hack Nederland 2025 met netwerkverbindingen

Related
blogs

Bewindvoerder B for Balance werkt veilig met ALTA-ICT dankzij moderne en veilige ICT-oplossingen
August 14, 2025

Case B for Balance | Carefree working with sensitive data

Read more
Man met laptop – ALTA-ICT subsidie voor cyberweerbaarheid
August 14, 2025

IT Security – Affordable, Simple and with Subsidy

Read more
Cybersecurity zero-day waarschuwing SharePoint CVE-2025-53770 met ALTA-ICT logo
August 13, 2025

SharePoint-kwetsbaarheid CVE-2025-53770

Read more
ALTA-ICT wachtwoordloos inloggen visual met paarse toets en netwerkachtergrond
August 12, 2025

SME passwords: Secure or dangerous?

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Wekelijks in je Mailbox.