By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Citrix NetScaler ADC/Gateway Memory Overflow Denial-of-Service Vulnerability
CVSS Score: 9.2 (Critical)
Identifier: CVE-2025-6543
Exploit or POC: Yes – Actively exploited in the wild via unauthenticated remote requests
Update: CVE-2025-6543 – Citrix Security Advisory
Description: CVE-2025-6543 is a critical memory overflow vulnerability in Citrix NetScaler ADC and Gateway appliances. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The flaw allows remote, unauthenticated attackers to send crafted requests that cause unintended control flow, resulting in a denial-of-service (DoS). Exploitation has been observed in the wild, leaving affected appliances offline.
Affected Versions:
- NetScaler ADC and Gateway 14.1 prior to 14.1-47.46
- NetScaler ADC and Gateway 13.1 prior to 13.1-59.19
- NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236
- NetScaler ADC 12.1-FIPS and older end-of-life builds
Mitigation Recommendation:
Apply the Citrix patches immediately:
- 14.1 → Upgrade to 14.1-47.46 or later
- 13.1 → Upgrade to 13.1-59.19 or later
- 13.1-FIPS/NDcPP → Upgrade to 13.1-37.236 or later
- End-of-life versions: upgrade to supported versions without delay
Restrict network access to Gateway and AAA virtual servers using firewalls or segmentation until the patch is confirmed applied on every appliance.
Monitor NetScaler logs and network traffic for unusual crash or restart events and for malformed incoming requests aimed at the Gateway and AAA proxy services.
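A small version-triage helper, added here as an example and not part of RedLegg's bulletin or of any Citrix tooling: it encodes the fixed builds listed above and classifies each appliance's reported version as patched, vulnerable, or end-of-life. It assumes the `NS14.1: Build 47.46.nc` string format of `show version`, requires a `FIPS`/`NDcPP` marker in the string for those builds, and runs over a constructed inventory.

```python
import re

# Fixed builds per branch, taken from the bulletin's Affected Versions list.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
    "13.1-FIPS": (37, 236),
    "13.1-NDcPP": (37, 236),
}

# Accepts the bulletin's "14.1-47.46" / "13.1-FIPS 37.236" style and the
# "NS14.1: Build 47.46.nc" form of `show version` (assumed output format).
VERSION_RE = re.compile(
    r"(?:NS)?(?P<branch>\d+\.\d+)(?:[-\s]*(?P<variant>FIPS|NDcPP))?"
    r"[^\d]*(?P<major>\d+)\.(?P<minor>\d+)"
)

def parse_version(text):
    """Return (branch, (major, minor)), e.g. ('13.1-FIPS', (37, 207))."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    branch = m.group("branch")
    if m.group("variant"):
        branch = f"{branch}-{m.group('variant')}"
    return branch, (int(m.group("major")), int(m.group("minor")))

def assess(text):
    """Classify a version string as 'patched', 'vulnerable' or 'end-of-life'."""
    branch, build = parse_version(text)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # 12.1-FIPS and any branch without a fixed build: the branch itself must go.
        return "end-of-life"
    return "patched" if build >= fixed else "vulnerable"

# Constructed sample inventory; hostnames and builds are made up for the demo.
SAMPLE_INVENTORY = [
    ("gw-01", "NetScaler NS14.1: Build 47.46.nc"),
    ("gw-02", "14.1-43.50"),
    ("aaa-01", "13.1-FIPS 37.207"),
    ("legacy-01", "12.1-FIPS 55.297"),
]

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY:
        print(f"{host}: {assess(version)}")
```

Feed it the `show version` output collected from each appliance and treat anything other than `patched` as still exposed for the network-restriction step above.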