⚠ Actively exploited

Added to CISA KEV on 2025-06-30. Federal agencies required to patch by 2025-07-21. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-6543 — Improper Restriction of Operations within the Bounds of a Memory Buffer in ADC

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read17 documents9 sources

Severity

9.2CRITICALNVD

VulnCheck9.3

EPSS

2.3%

top 15.38%

CISA KEV

KEV

Added 2025-06-30

Due 2025-07-21

Exploit

No known exploits

Affected products

Netscaler ADC Netscaler Gateway Citrix Netscaler Application Delivery Controller +1 more

Timeline

PublishedJun 25

KEV addedJun 30

KEV dueJul 21

Latest updateMar 28

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages4 packages

▶CVEListV5netscaler/gateway14.1 — 47.46+2

▶NVDcitrix/netscaler_gateway13.1 — 13.1-59.19+1

▶NVDcitrix/netscaler_application_delivery_controller13.1 — 13.1-37.236+2

▶CVEListV5netscaler/adc14.1 — 47.46+2

🔴Vulnerability Details

GHSA

GHSA-9gqr-6728-fpv3: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gatew↗2025-06-26

▶

VulnCheck

Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability↗2025

▶

VulnCheck

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability↗2025

▶

📋Vendor Advisories

CISA

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability↗2025-06-30

▶

🕵️Threat Intelligence

Hackernews

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug↗2026-03-28

▶

Hackernews

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks↗2026-03-24

▶

Tenable

CVE-2025-7775 Citrix RCE Zero-day↗2025-08-26

▶

Talos

What happened in Vegas (that you actually want to know about)↗2025-08-14

▶

Talos

What happened in Vegas (that you actually want to know about)↗2025-08-14

▶