CVE-2025-6543

CVE Database · CVE-2025-6543

CVE-2025-6543

· CRITICALAnalyzed

CVSS v3.1

9.8

CVSS v4.0

9.2

EPSS

9.76%

Published

Jun 25, 2025

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2025-06-30 · Due: 2025-07-21

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCabrewer251/CVE-2025-6543_CitrixNetScaler_PoC★5 GitHub PoCgrupooruss/Citrix-cve-2025-6543★4 GitHub PoClex1010/CVE-2025-6543★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119

Affected Products (6)

citrix · netscaler_application_delivery_controller (up to 13.1-37.236)vulnerable

citrix · netscaler_application_delivery_controller (up to 13.1-59.19)vulnerable

citrix · netscaler_application_delivery_controller (up to 14.1-47.46)vulnerable

citrix · netscaler_gateway (up to 13.1-59.19)vulnerable

citrix · netscaler_gateway (up to 14.1-47.46)vulnerable

References (2)

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs