Citrix Issues Urgent Patches for Actively Exploited Vulnerability CVE-2025-6543 in NetScaler ADC
June 25, 2025
Vulnerability / Network Security
Citrix has released critical security updates to address a vulnerability in NetScaler ADC that is being exploited in the wild. The vulnerability, tracked as CVE-2025-6543, has a CVSS score of 9.2 out of 10. It is a memory overflow issue that could lead to unintended control flow and denial of service. Successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The affected versions include:
- NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
- NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
- NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life)
- NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP
Citrix has indicated that vulnerabilities also impact “Secure Private Access on-prem or Secure Private Access Hybrid” deployments utilizing NetScaler instances.
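
The version list and configuration precondition above can be turned into a triage check for an appliance inventory. The following is an added example, not code from Citrix or from the original article. It assumes that the caller knows whether a 13.1 appliance runs the FIPS/NDcPP train, and that `add vpn vserver` or `add authentication vserver` lines in `ns.conf` mark a Gateway or AAA virtual server; the sample configuration is constructed.

```python
import re

# First fixed builds, taken from the affected-version list in the article.
FIXED = {(14, 1): (47, 46), (13, 1): (59, 19)}
FIXED_FIPS = {(13, 1): (37, 236)}      # 13.1-FIPS and NDcPP
EOL = {(12, 1), (13, 0)}               # listed as vulnerable and end-of-life

# Matches "14.1-43.50" as well as "NS14.1: Build 43.50.nc" style strings.
VERSION_RE = re.compile(r"(?:NS)?(\d+)\.(\d+)\s*(?::\s*Build\s+|-)(\d+)\.(\d+)")
# Assumption: these config lines define a Gateway (VPN) or AAA virtual server.
VSERVER_RE = re.compile(r"^\s*add\s+(?:vpn|authentication)\s+vserver\s+", re.I | re.M)

# Constructed sample configuration (documentation IP addresses).
SAMPLE_NS_CONF = """\
add lb vserver lb_web HTTP 192.0.2.10 80
add vpn vserver gw_vs SSL 192.0.2.20 443
"""


def parse_version(text):
    """Return ((major, minor), (build, patch)) from a version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build, patch = map(int, m.groups())
    return (major, minor), (build, patch)


def is_vulnerable_build(version_text, fips=False):
    """True if the build is older than the fixed build for its release train."""
    release, build = parse_version(version_text)
    if release in EOL:
        return True                    # no fixed build is listed for these
    fixed = (FIXED_FIPS if fips else FIXED).get(release)
    if fixed is None:
        raise ValueError(f"release {release} is not in the article's list")
    return build < fixed


def assess(version_text, ns_conf, fips=False):
    """Combine the build check with the Gateway/AAA precondition."""
    if not is_vulnerable_build(version_text, fips):
        return "patched"
    if VSERVER_RE.search(ns_conf):
        return "vulnerable-exposed"    # vulnerable build with Gateway or AAA vserver
    return "vulnerable-not-exposed"    # still needs the update, lower urgency
```
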