Vulnerability Details CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Exploit prediction scoring system (EPSS) score
EPSS Score 0.148
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Ransomware Campaign
Unknown
Products affected by CVE-2025-6543
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.164
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.176
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-51.15
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-12.35
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-8.50
-
cpe:2.3:a:citrix:netscaler_gateway:13.1
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-51.15
-
cpe:2.3:a:citrix:netscaler_gateway:14.1
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-12.35
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-8.50