How to fix CVE-2025-6543?

Within 24 hours: Identify and inventory all NetScaler ADC/Gateway instances in production, particularly those configured as VPN gateways or AAA servers; enable enhanced logging and monitoring for exploitation attempts. Within 7 days: Implement network segmentation to restrict access to NetScaler management interfaces and deploy WAF rules to block malicious payloads targeting the vulnerable code paths; consider temporarily disabling non-critical gateway features if operationally feasible. Within 30 days: Establish a vendor patch monitoring process, prepare and test emergency patching procedures, and evaluate alternative solutions or appliance replacement timelines.

Is Netscaler Gateway affected by CVE-2025-6543?

A critical memory overflow vulnerability (CVE-2025-6543) affecting NetScaler ADC and Gateway products is actively being exploited in the wild, with a 9.8 CVSS score.

CVE-2025-6543

EUVD-2025-19085 CRITICAL

2025-06-25 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 23:19 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 23:19 euvd

EUVD-2025-19085

Added to CISA KEV

Oct 24, 2025 - 13:42 cisa

CISA KEV

EUVD Exploitation Confirmed

Oct 24, 2025 - 13:42 euvd

EUVD KEV

PoC Detected

Oct 24, 2025 - 13:42 vuln.today

Public exploit code

CVE Published

Jun 25, 2025 - 13:15 nvd

CRITICAL 9.8

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Analysis

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.

Technical Context

Unlike the companion CVE-2025-5777 (memory overread for data theft), this vulnerability causes a memory overflow that corrupts control flow data. This can cause immediate denial of service (crashing the NetScaler) or, with careful exploitation, redirect execution to attacker-controlled code. The VPN/AAA functionality is the attack surface — the same components affected by the overread vulnerability, suggesting a shared root cause in request parsing.

Affected Products

['Citrix NetScaler ADC (when configured as Gateway VPN, ICA Proxy, CVPN, RDP Proxy)', 'Citrix NetScaler Gateway (when configured as Gateway or AAA virtual server)']

Remediation

Apply Citrix security update for both CVE-2025-6543 and CVE-2025-5777. Prioritize if VPN/AAA is internet-facing. Consider taking VPN offline if patching is delayed. After patching: invalidate sessions, rotate TLS keys.

Priority Score

121

Low Medium High Critical

KEV: +50

EPSS: +2.0

CVSS: +49

POC: +20

CVE-2025-6543 vulnerability details – vuln.today

Back

CVE-2025-6543

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-6543

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code