Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-6543
CVE-2025-6543:
Citrix ADC VPX vulnerability analysis and mitigation
Overview
CVE-2025-6543 is a critical memory overflow vulnerability affecting NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The vulnerability was discovered and disclosed on June 25, 2025, with a CVSS score of 9.2 (Critical). The affected versions include NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46, 13.1 prior to 13.1-59.19, and NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236 (NVD, Hacker News).
Technical details
The vulnerability is characterized as a memory overflow condition that leads to unintended control flow and denial-of-service. It requires no user interaction or privileges for exploitation, with high impact ratings for all three vulnerable system metrics: Confidentiality, Integrity, and Availability. The CVSS v4.0 vector string is CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L, indicating its critical severity (Rapid7, NVD).
Impact
The vulnerability can result in unintended control flow and denial-of-service in affected systems. The high CVSS score and impact metrics suggest potential for remote code execution (RCE) capabilities. The vulnerability affects systems configured as either Gateway or AAA virtual server, which is a common configuration in production environments (Rapid7).
Mitigation and workarounds
Cloud Software Group has released patches for affected versions: NetScaler ADC and NetScaler Gateway 14.1 should update to version 14.1-47.46 or above, version 13.1 should update to 13.1-59.19 or above. For FIPS and NDcPP versions, customers must contact NetScaler support directly for appropriate updates. Versions 12.1 and 13.0, being End of Life (EOL), will not receive patches and users are urged to upgrade to supported versions (Hacker News).
Community reactions
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-6543 to their Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch agencies to apply fixes by July 21, 2025. Security researchers have emphasized the critical nature of this vulnerability, particularly due to its active exploitation status (Rapid7).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management