CVE-2025-6543 (GCVE-0-2025-6543)
Vulnerability from cvelistv5
Published
2025-06-25 12:49
Modified
2025-06-30 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
References
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2025-06-30
Due date: 2025-07-21
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Unknown
Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-6543
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6543",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T17:26:07.698446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-30",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T22:20:23.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-30T00:00:00+00:00",
"value": "CVE-2025-6543 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-25T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u0026nbsp;configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:49:57.896Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to unintended control flow and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-6543",
"datePublished": "2025-06-25T12:49:57.896Z",
"dateReserved": "2025-06-23T18:08:23.912Z",
"dateUpdated": "2025-06-30T22:20:23.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2025-6543",
"cwes": "[\"CWE-119\"]",
"dateAdded": "2025-06-30",
"dueDate": "2025-07-21",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-6543",
"product": "NetScaler ADC and Gateway",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
"vendorProject": "Citrix",
"vulnerabilityName": "Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-6543\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2025-06-25T13:15:27.293\",\"lastModified\":\"2025-07-01T18:19:45.547\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de desbordamiento de memoria que provoca un flujo de control no deseado y una denegaci\u00f3n de servicio en NetScaler ADC y NetScaler Gateway cuando se configuran como Gateway (servidor virtual VPN, proxy ICA, CVPN, proxy RDP) O servidor virtual AAA\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-06-30\",\"cisaActionDue\":\"2025-07-21\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.236\",\"matchCriteriaId\":\"0F079648-790A-4D18-908D-25CA575C5B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.236\",\"matchCriteriaId\":\"CF89AD2E-8A0A-43A9-9EEB-83D595576775\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-59.19\",\"matchCriteriaId\":\"355DCB05-54E3-4C13-A74A-B27CE3F10597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-47.46\",\"matchCriteriaId\":\"4A26624D-7F3F-4FD7-AC50-C9BDCA656F7B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-59.19\",\"matchCriteriaId\":\"598029C6-734C-450C-A7EC-495C72819E88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-47.46\",\"matchCriteriaId\":\"D977C8AE-4B4E-474D-ABD6-F55F054E5B59\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6543\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-30T17:26:07.698446Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-06-30\", \"reference\": \"https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-25T13:32:45.118Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-30T00:00:00+00:00\", \"value\": \"CVE-2025-6543 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Memory overflow vulnerability leading to unintended control flow and Denial of Service\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NetScaler\", \"product\": \"ADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"47.46\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"59.19\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1 FIPS and NDcPP\", \"lessThan\": \"37.236\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NetScaler\", \"product\": \"Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"47.46\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"59.19\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1 FIPS and NDcPP\", \"lessThan\": \"37.236\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-06-25T12:30:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\\u00a0configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u0026nbsp;configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2025-06-25T12:49:57.896Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-6543\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-30T22:20:23.170Z\", \"dateReserved\": \"2025-06-23T18:08:23.912Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2025-06-25T12:49:57.896Z\", \"assignerShortName\": \"Citrix\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…