Citrix NetScaler ADC/Gateway Mem Overflow in Virtual Servers – DoS
CVE-2025-6543 Published on June 25, 2025

Memory overflow vulnerability leading to unintended control flow and Denial of Service
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

NVD

Known Exploited Vulnerability

This Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

The following remediation steps are recommended / required by July 21, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2025-6543 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2025-6543

stack.watch emails you whenever new vulnerabilities are published in Citrix Netscaler Application Delivery Controller or Citrix Netscaler Gateway. Just hit a watch button to start following.

Citrix Netscaler Application Delivery Controller
 
Citrix Netscaler Gateway
 

Affected Versions

NetScaler ADC: NetScaler Gateway:

Exploit Probability

EPSS
2.02%
Percentile
83.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.