CVE-2025-6543
Severity CVSS v4.0:
CRITICAL
Type:
CWE-119
Buffer Errors
Publication date:
25/06/2025
Last modified:
01/07/2025
Description
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Impact
Base Score 4.0
9.20
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | 13.1 (including) | 13.1-37.236 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* | 13.1 (including) | 13.1-37.236 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 13.1 (including) | 13.1-59.19 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 14.1 (including) | 14.1-47.46 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 13.1 (including) | 13.1-59.19 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 14.1 (including) | 14.1-47.46 (excluding) |
To consult the complete list of CPE names with products and versions, see this page