CVE-2025-6543: 
Citrix ADC VPX 脆弱性の分析と軽減

CVE-2025-6543 is a critical memory overflow vulnerability affecting NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The vulnerability was discovered and disclosed on June 25, 2025, with a CVSS score of 9.2 (Critical). The affected versions include NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46, 13.1 prior to 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236 (NVD, Hacker News).

The vulnerability is characterized as a memory overflow condition that leads to unintended control flow and denial-of-service. It requires no user interaction or privileges for exploitation, with high impact ratings for all three vulnerable system metrics: Confidentiality, Integrity, and Availability. The CVSS v4.0 vector string is CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L, indicating its critical severity (Rapid7, NVD).

The vulnerability can result in unintended control flow and denial-of-service in affected systems. The high CVSS score and impact metrics suggest potential for remote code execution (RCE) capabilities. The vulnerability affects systems configured as either Gateway or AAA virtual server, which is a common configuration in production environments (Rapid7).

Cloud Software Group has released patches for affected versions: NetScaler ADC and NetScaler Gateway 14.1 should update to version 14.1-47.46 or above, version 13.1 should update to 13.1-59.19 or above. For FIPS and NDcPP versions, customers must contact NetScaler support directly for appropriate updates. Versions 12.1 and 13.0, being End of Life (EOL), will not receive patches and users are urged to upgrade to supported versions (Hacker News).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-6543 to their Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch agencies to apply fixes by July 21, 2025. Security researchers have emphasized the critical nature of this vulnerability, particularly due to its active exploitation status (Rapid7).