CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service

Basic Information

CVE State: PUBLISHED
Reserved Date: June 23, 2025
Published Date: June 25, 2025
Last Updated: February 26, 2026
Vendor: NetScaler
Product: ADC, Gateway
Description: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Tags

CVSS Scores

CVSS v4.0

9.2 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:36:14 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:36:14 UTC

Timeline

CVE ID Reserved

June 23, 2025
CVE Published to Public

June 25, 2025
Added to KEVIntel

June 01, 2026