CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service

Basic Information

CVE State
PUBLISHED
Reserved Date
June 23, 2025
Published Date
June 25, 2025
Last Updated
June 30, 2025
Vendor
NetScaler
Product
ADC, Gateway
Description
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Tags
cisa

CVSS Scores

CVSS v4.0

9.2 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

EPSS Score

Score
16.13% (Percentile: 94.54%) as of 2025-07-03

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-06-25 16:30:40 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
TheHackerNews 2025-06-25 16:30:33 UTC

Recent Mentions

Citrix warns of NetScaler vulnerability exploited in DoS attacks

Source: BleepingComputer • Published: 2025-06-25 17:35:55 UTC

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Source: TheHackerNews • Published: 2025-06-25 14:51:00 UTC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel