Memory Overflow Vulnerability in NetScaler ADC and NetScaler Gateway by Citrix
CVE-2025-6543
Key Information:
Badges
What is CVE-2025-6543?
CVE-2025-6543 is a serious memory overflow vulnerability identified in the NetScaler ADC and NetScaler Gateway products developed by Citrix. These products serve as essential components for application delivery and secure remote access, providing functionalities such as virtual private network (VPN) services, application acceleration, and load balancing. The vulnerability arises when specific configurations, such as the Gateway and AAA virtual servers, are employed, potentially leading to unintended control flow within the system.
The negative impact of CVE-2025-6543 on an organization can be considerable. Exploitation of this flaw may result in Denial of Service (DoS), effectively disrupting access to critical applications and services. This downtime can not only undermine operational efficiency but also erode customer trust and lead to financial losses. The technical intricacies of the vulnerability involve the manipulation of memory, which could allow attackers to execute arbitrary code, underscoring the critical need for immediate remediation.
Potential impact of CVE-2025-6543
-
Denial of Service (DoS): The primary impact of this vulnerability is the potential for a Denial of Service, wherein attackers can intentionally disrupt service availability, hampering organizational operations and hindering user access to essential resources.
-
System Compromise: A successful exploit of CVE-2025-6543 could lead to unauthorized control over vulnerable systems, allowing attackers to execute malicious activities, access sensitive data, or plant further malware.
-
Operational Disruption: Beyond immediate service interruptions, a breach stemming from this vulnerability can cause widespread operational disruption, requiring significant remediation efforts, resource reallocation, and potentially prolonging system downtimes.
CISA has reported CVE-2025-6543
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-6543 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ADC 14.1 < 47.46
ADC 13.1 < 59.19
ADC 13.1 FIPS and NDcPP < 37.236
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVE-2025-6543: Critical Citrix NetScaler Memory Overflow Vulnerability | iZOOlogic
Discover the details of CVE-2025-6543, a critical Citrix NetScaler memory overflow vulnerability that could allow remote code execution. Learn about affected versions, risks, and mitigation steps.
2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation
2 weeks ago

CISA Issues Alert on Actively Exploited Citrix NetScaler ADC and Gateway Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert following the addition of a critical Citrix NetScaler vulnerability—CVE-2025-6543
2 weeks ago
References
EPSS Score
16% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 💰
Used in Ransomware
- 📈
Vulnerability started trending
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved