#VU111952 Buffer overflow in Citrix NetScaler Gateway and Citrix Netscaler ADC - CVE-2025-6543
Vulnerability identifier: #VU111952
Vulnerability risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Citrix NetScaler Gateway
Server applications /
Application servers
Citrix Netscaler ADC
Client/Desktop applications /
Software for system administration
Vendor: Citrix
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling incoming requests. A remote attacker can send specially crafted traffic to the server, trigger memory corruption and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Note, the vulnerability is being actively exploited in the wild.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Citrix NetScaler Gateway: 12.0 - 14.1-43.56
Citrix Netscaler ADC: 12.0 - 14.1-43.56
External links
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
