CVE-2025-6543 — CRITICAL (9.8)

Q: How severe is CVE-2025-6543?

CVE-2025-6543 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-6543?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller, Citrix Netscaler Gateway.

Vulnerability Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Citrix	Netscaler Application Delivery Controller	>= 13.1, < 13.1-37.236
Citrix	Netscaler Gateway	>= 13.1, < 13.1-59.19

Related Weaknesses (CWE)

CWE-119

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource

FAQ

What is CVE-2025-6543?

CVE-2025-6543 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy...

How severe is CVE-2025-6543?

CVE-2025-6543 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-6543?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller, Citrix Netscaler Gateway.