
Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

PUBLISHED Reserved 2025-06-23 | Published 2025-06-25 | Updated 2026-02-26 | Assigner Citrix




CRITICAL: 9.2 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CISA Known Exploited Vulnerability

Date added 2025-06-30 | Due date 2025-07-21

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status
unaffected

14.1 (patch) before 47.46
affected

13.1 (patch) before 59.19
affected

13.1 FIPS and NDcPP (patch) before 37.236
affected

Default status
unaffected

14.1 (patch) before 47.46
affected

13.1 (patch) before 59.19
affected

13.1 FIPS and NDcPP (patch) before 37.236
affected

References

www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2025-6543 government-resource

support.citrix.com/...search/article?articleNumber=CTX694788

cve.org (CVE-2025-6543)

nvd.nist.gov (CVE-2025-6543)
