CVE-2025-6543 - Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Project: Citrix
Product: NetScaler ADC and Gateway
Date Added: 2025-06-30
Due Date: 2025-07-21
Vulnerability Name
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Description
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
https://nvd.nist.gov/vuln/detail/CVE-2025-6543
Related News Articles
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug - August 12, 2025
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors - August 12, 2025
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs - August 12, 2025
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises - July 11, 2025
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation - July 8, 2025