Emergency Security Bulletin: Citrix NetScaler ADC/Gateway Memory Overflow Denial-of-Service Vulnerability

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Citrix NetScaler ADC/Gateway Memory Overflow Denial-of-Service Vulnerability

CVSS Score: 9.2 (Critical)
Identifier: CVE-2025-6543
Exploit or POC: Yes – Actively exploited in the wild via unauthenticated remote requests
Update: CVE-2025-6543 – Citrix Security Advisory

Description: CVE-2025-6543 is a critical memory overflow vulnerability in Citrix NetScaler ADC and Gateway appliances. It affects configurations running as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The flaw allows remote, unauthenticated attackers to send crafted requests that trigger a denial-of-service (DoS) by causing unintended control flow. Exploits have been observed in the wild, leading to appliances going offline.

Affected Versions:

• NetScaler ADC and Gateway 14.1 prior to 14.1-47.46
  
  
• NetScaler ADC and Gateway 13.1 prior to 13.1-59.19
  
  
• NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236
  
  
• NetScaler ADC 12.1-FIPS and older end-of-life builds
  
  

Mitigation Recommendation:

Apply the Citrix patches immediately:

•  14.1 → Upgrade to 14.1-47.46 or later
  
  
• 13.1 → Upgrade to 13.1-59.19 or later
  
  
• 13.1-FIPS/NDcPP → Upgrade to 13.1-37.236 or later
  
  
• End-of-life versions: upgrade to supported versions without delay