Skip to main content

Netscaler Gateway CVE-2025-6543

| EUVDEUVD-2025-19085 CRITICAL
Buffer Overflow (CWE-119)
2025-06-25 secure@citrix.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Analysis Updated
Apr 16, 2026 - 05:53 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
37.236,47.46,59.19
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19085
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
Added to CISA KEV
Oct 24, 2025 - 13:42 cisa
CISA KEV
EUVD Exploitation Confirmed
Oct 24, 2025 - 13:42 euvd
EUVD KEV
PoC Detected
Oct 24, 2025 - 13:42 vuln.today
Public exploit code
CVE Published
Jun 25, 2025 - 13:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

AnalysisAI

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.

Technical ContextAI

Unlike the companion CVE-2025-5777 (memory overread for data theft), this vulnerability causes a memory overflow that corrupts control flow data. This can cause immediate denial of service (crashing the NetScaler) or, with careful exploitation, redirect execution to attacker-controlled code. The VPN/AAA functionality is the attack surface — the same components affected by the overread vulnerability, suggesting a shared root cause in request parsing.

RemediationAI

Apply Citrix security update for both CVE-2025-6543 and CVE-2025-5777. Prioritize if VPN/AAA is internet-facing. Consider taking VPN offline if patching is delayed. After patching: invalidate sessions, rotate TLS keys.

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2025-5349 HIGH POC
8.8 Jun 17

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent

CVE-2023-4967 HIGH POC
7.5 Oct 27

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV

CVE-2026-8452 HIGH
8.8 Jun 30

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta

CVE-2026-8655 HIGH
8.8 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod

CVE-2026-13474 HIGH
8.7 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive

CVE-2020-8247 HIGH
8.8 Sep 18

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix AD

CVE-2024-8534 HIGH
8.4 Nov 12

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli

CVE-2026-10816 HIGH
7.1 Jun 30

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network

CVE-2021-22927 HIGH
8.1 Aug 05

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provide

CVE-2023-3467 HIGH
8.0 Jul 19

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co

Share

CVE-2025-6543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy