CVE-2025-6543 — Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability

2025-06-30 • CISA Known Exploited Vulnerability

[event] Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

> AFFECTED SOFTWARE

Field	Value
Vendor	Citrix
Product	NetScaler ADC and Gateway
CWE	CWE-119
CVE ID	CVE-2025-6543
Date Added	2025-06-30
Due Date	2025-07-21
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-07-21

> REFERENCES

[1] https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
[2] https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-...
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6543