Summary : Security Advisory;

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition.

The flaw impacts NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-47.46, 13.1 before 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP.

OEM	Citrix
Severity	Critical
CVSS Score	9.2
CVEs	CVE-2025-6543
POC Available	No
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 

A critical memory overflow vulnerability, CVE-2025-6543, has been discovered in NetScaler ADC and NetScaler Gateway products, potentially leading to denial-of-service and unintended control flow. The issue affects deployments configured as Gateway services. Active exploitation in the wild has been reported. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​Memory overflow vulnerability	CVE-2025-6543	NetScaler ADC and NetScaler Gateway	Critical	14.1-47.46 / 13.1-59.19 / 13.1-37.236

Technical Summary 

CVE-2025-6543 is a memory overflow vulnerability in NetScaler ADC and Gateway products that can result in denial-of-service (DoS) or arbitrary control flow, particularly when the system is configured as a Gateway or AAA virtual server.

The flaw stems from improper restriction of operations within memory buffer bounds (CWE-119). This vulnerability has been exploited in real-world attacks. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-6543	NetScaler ADC & Gateway 14.1 before 14.1-47.46, 13.1 before 13.1-59.19 NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP	Memory overflow due to improper memory boundary restrictions when configured as Gateway or AAA virtual servers	Denial-of-Service and Unintended control flow

Remediation: 

• Immediate Action: Affected customers are strongly advised to upgrade to the fixed versions: 

Product Version	Recommended Fixed Build
NetScaler ADC / Gateway 14.1	14.1-47.46 or later
NetScaler ADC / Gateway 13.1	13.1-59.19 or later
NetScaler ADC 13.1-FIPS / NDcPP	13.1-37.236 or later

Note: Versions 12.1 and 13.0 are End-of-Life (EOL) and remain vulnerable. These should be replaced with supported, patched builds. 

Customers using FIPS or NDcPP variants should contact Citrix Support directly for access to the fixed builds. 

Conclusion: 
CVE-2025-6543 represents a highly critical risk to organizations utilizing NetScaler Gateway or ADC for secure access and application delivery.

Organizations still using outdated or end-of-life (EOL) versions are especially vulnerable and should prioritize upgrading to supported builds. 

This flaw follows a pattern of severe vulnerabilities affecting NetScaler products, including the recently disclosed CVE-2025-5777 (CVSS score: 9.3), which also posed a significant threat to enterprise infrastructure.

Together these issues highlight the urgent need for timely patching, continuous monitoring, and defense-in-depth strategies to safeguard critical network assets. 

With both flaws being critical bugs, administrators are advised to apply the latest patches from Citrix as soon as possible.

Companies should also monitor their NetScaler instances for unusual user sessions, abnormal behavior, and to review access controls.

References: 

• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 

• https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html