Back to KEVs

CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service

Basic Information

CVE State: PUBLISHED
Reserved Date: June 23, 2025
Published Date: June 25, 2025
Last Updated: July 17, 2025
Vendor: NetScaler
Product: ADC, Gateway
Description: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Tags

CVSS Scores

CVSS v4.0

9.2 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

EPSS Score

Score: 3.54% (Percentile: 87.19%) as of 2025-07-17

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-06-25 16:30:40 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

Known Exploited Vulnerability Information

Source	Added Date
TheHackerNews	2025-06-25 16:30:33 UTC

Recent Mentions

CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?

Source: Horizon3.ai Attack Research • Published: 2025-07-07 13:29:17 UTC

Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of […]

Citrix warns of NetScaler vulnerability exploited in DoS attacks

Source: BleepingComputer • Published: 2025-06-25 17:35:55 UTC

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Source: TheHackerNews • Published: 2025-06-25 14:51:00 UTC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

Timeline

CVE ID Reserved

June 23, 2025
CVE Published to Public

June 25, 2025
Added to KEVIntel

June 25, 2025