Remote denial of service in NetScaler Gateway and NetScaler ADC

Published: 2025-06-26

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-6543
CWE-ID	CWE-119
Exploitation vector	Network
Public exploit	This vulnerability is being exploited in the wild.
Vulnerable software	Citrix NetScaler Gateway Server applications / Application servers Citrix Netscaler ADC Client/Desktop applications / Software for system administration
Vendor	Citrix

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU111952

Risk: High

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2025-6543

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling incoming requests. A remote attacker can send specially crafted traffic to the server, trigger memory corruption and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Citrix NetScaler Gateway: 12.0 - 14.1-43.56

Citrix Netscaler ADC: 12.0 - 14.1-43.56

CPE2.3

External links

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.