CVE-2025-6543

high-risk

Published 2025-06-25

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Do I need to act?

2.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (4)

Netscaler Application Delivery Controller

Netscaler Gateway

Affected Vendors

Citrix

References (2)

Vendor Advisory https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 12/34 · Low

Exposure 10/34 · Low