CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service
Basic Information
- CVE State: PUBLISHED
- Reserved Date: June 23, 2025
- Published Date: June 25, 2025
- Last Updated: June 30, 2025
- Vendor: NetScaler
- Product: ADC, Gateway
- Description: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Tags
- Score: 16.13% (Percentile: 94.54%) as of 2025-07-03
- Exploitation: active
- Technical Impact: total
- Exploited in the Wild: Yes (2025-06-25 16:30:40 UTC), Source: cisa
CVSS Scores
CVSS v4.0
9.2 - CRITICAL
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
TheHackerNews | 2025-06-25 16:30:33 UTC |
Recent Mentions
Citrix warns of NetScaler vulnerability exploited in DoS attacks
Source: BleepingComputer • Published: 2025-06-25 17:35:55 UTC
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Source: TheHackerNews • Published: 2025-06-25 14:51:00 UTC
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel