Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remotely reachable, low-complexity, unauthenticated memory overflow on Gateway/AAA virtual servers; high availability (DoS) and confidentiality (memory exposure) impact with limited integrity effect.
Primary rating from Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5).
CVSS VectorVendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
AnalysisAI
Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the NetScaler appliance be configured as a Gateway virtual server - specifically in SSL VPN, ICA Proxy, CVPN (Clientless VPN), or RDP Proxy mode - or as an AAA virtual server; appliances not running any of these roles are not exploitable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partially conflicting and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker reachable over the network sends a crafted request to the internet-facing NetScaler Gateway or AAA virtual server, triggering the memory overflow without authentication. This causes the appliance to behave unpredictably or crash, denying remote-access service to legitimate VPN/ICA users, and given the high confidentiality impact may expose adjacent memory contents. … |
| Remediation | Apply the fixed NetScaler ADC and NetScaler Gateway builds published by Citrix in advisory CTX696604 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604); exact fixed build numbers were not in the provided data, so consult that advisory for the precise patched versions for your release train. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory and assess which NetScaler devices in your environment are deployed as SSL VPN, ICA Proxy, CVPN, or RDP Proxy; implement network-level access restrictions if feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended
Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a
Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler
Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod
Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli
Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network
Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co
Same weakness CWE-119 – Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40307
GHSA-r7wg-r5wj-c765