Full Report
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Analysis Summary
# Vulnerability: Critical Memory Overflow in Citrix NetScaler ADC/Gateway (CVE-2025-6543)
## CVE Details
- CVE ID: CVE-2025-6543
- CVSS Score: 9.2 (Critical)
- CWE: Not specified in context (Likely related to Memory Corruption/Overflow)
## Affected Systems
- Products: NetScaler ADC and NetScaler Gateway, Secure Private Access (on-prem and Hybrid deployments using NetScaler instances)
- Versions:
- NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
- NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
- NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (End-of-Life)
- NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP
- Configurations: Successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or a AAA virtual server.
## Vulnerability Description
The vulnerability is described as a memory overflow flaw. If successfully exploited, it could lead to unintended control flow changes and result in a Denial-of-Service (DoS) condition. Crucially, exploitation is only possible when the appliance has specific routing or proxy services enabled (Gateway/AAA configurations).
## Exploitation
- Status: Exploited in the wild ('exploits... have been observed' on unmitigated appliances).
- Complexity: Medium (due to the configuration dependency).
- Attack Vector: Network (Implied, as it affects remote-facing components like Gateways/VPNs).
## Impact
- Confidentiality: Unknown (Not explicitly stated, but control flow manipulation can lead to data exposure).
- Integrity: High (Unintended control flow indicates potential for system manipulation).
- Availability: High (Explicitly stated DoS potential).
## Remediation
### Patches
Customers must upgrade their NetScaler instances to the recommended builds to address the vulnerability. Specific fixed versions are not detailed in the summary, but the vendor advisory should be consulted immediately.
### Workarounds
No specific workarounds were mentioned in this summary, emphasizing the immediate need for patching.
## Detection
- Indicators of Compromise (IOCs): Not specified in the context provided.
- Detection methods and tools: Not specified in the context provided. Given the exploitation status, immediate monitoring of unusual traffic or behavior related to Gateway/AAA functionalities is recommended.
## References
- Vendor Advisory: hxxps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
- Article Source: hxxps://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html