Executive Summary
Citrix has released urgent security updates for a critical memory overflow vulnerability, CVE-2025-6543, affecting its NetScaler ADC and NetScaler Gateway products. The flaw can lead to unintended control flow and denial of service, and exploitation in the wild has been reported. It is exploitable only when the appliance is configured as a Gateway (for example, a VPN virtual server) or as an AAA virtual server; appliances in either role should be updated to a fixed build immediately. Where an update cannot be applied at once, the exposure of those virtual servers should be reduced with compensating controls (for example, restricting which networks can reach them) to prevent disruption of critical business operations.
Analysis
CVE-2025-6543, rated CVSS 9.2, is a memory overflow flaw in NetScaler ADC and Gateway. Memory overflows are a common vulnerability class; in this case the vendor states that exploitation can lead to unintended control flow and denial-of-service (DoS) conditions. Exploitation requires a specific appliance configuration: the NetScaler must be deployed as a Gateway (such as a VPN virtual server) or as an AAA virtual server. Appliances that carry neither role, for instance pure load balancers, are not exposed to this issue, so the first step in triage is to check which virtual servers the appliance actually hosts alongside its build number. The fact that exploitation has already been observed in the wild indicates active weaponization by threat actors, mirroring past critical NetScaler vulnerabilities such as "CitrixBleed" (CVE-2023-4966) and CVE-2023-3519, which were used for session hijacking and webshell implantation respectively. The immediate threat from this vulnerability is disruption of critical business operations through DoS, preventing legitimate users from reaching services behind the Gateway. One caveat: "unintended control flow" is the vendor's own wording, and an overflow that can redirect control flow is not necessarily limited to crashing the process, so the DoS framing should be treated as the floor of the impact rather than its ceiling.
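The triage described above comes down to two checks: is the appliance on a fixed build, and does it host a VPN (Gateway) or AAA virtual server at all. The script below is an added example written for this page, not Citrix code or anything from the vendor bulletin. It parses the text of `show ns version` and an ns.conf excerpt; both inputs here are constructed samples, and the fixed-build numbers are values you must confirm against the vendor bulletin for CVE-2025-6543 before relying on the result.

```python
import re

# Constructed sample output of `show ns version` (not captured from a real appliance).
SAMPLE_VERSION = "NetScaler NS14.1: Build 43.56.nc, Date: May  5 2025, 13:04:21   (64-bit)"

# Constructed ns.conf excerpt: one load-balancing vserver, one Gateway (VPN) vserver,
# one AAA (authentication) vserver. Only the last two put CVE-2025-6543 in scope.
SAMPLE_CONFIG = """\
add lb vserver web_lb SSL 10.0.0.5 443 -persistenceType NONE
add vpn vserver gw_vs SSL 10.0.0.10 443 -Listenpolicy NONE
add authentication vserver aaa_vs SSL 10.0.0.11 443
"""

# ASSUMPTION: first fixed build per release train, as (build, sub-build). Verify these
# against the vendor bulletin before use. 13.1-FIPS/NDcPP reports itself as NS13.1 but
# runs a different (lower-numbered) build train and is NOT handled by this table.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
}

# ns.conf verbs that create the virtual-server types named in the advisory.
EXPOSED_PREFIXES = {
    "add vpn vserver": "gateway",
    "add authentication vserver": "aaa",
}


def parse_version(text):
    """Return (release, (build, sub_build)) from `show ns version` output, or None."""
    m = re.search(r"NS(\d+\.\d+): Build (\d+)\.(\d+)", text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def exposed_vservers(config_text):
    """List (role, name) for every VPN or AAA vserver defined in the config."""
    found = []
    for line in config_text.splitlines():
        line = line.strip()
        for prefix, role in EXPOSED_PREFIXES.items():
            if line.startswith(prefix + " "):
                name = line[len(prefix):].split()[0]
                found.append((role, name))
    return found


def assess(version_text, config_text, fixed=FIXED_BUILDS):
    """Combine build check and role check into a single verdict."""
    parsed = parse_version(version_text)
    exposed = exposed_vservers(config_text)
    if parsed is None:
        return {"patched": None, "exposed": exposed, "vulnerable": None,
                "note": "could not parse version string"}
    release, build = parsed
    if release not in fixed:
        # Unknown train (e.g. FIPS, or a release not in the table): do not guess.
        return {"release": release, "build": build, "patched": None,
                "exposed": exposed, "vulnerable": None,
                "note": "release not in fixed-build table; check the bulletin"}
    patched = build >= fixed[release]
    return {"release": release, "build": build, "patched": patched,
            "exposed": exposed,
            # Vulnerable only if unpatched AND at least one exposed role is configured.
            "vulnerable": (not patched) and bool(exposed)}


if __name__ == "__main__":
    result = assess(SAMPLE_VERSION, SAMPLE_CONFIG)
    print(f"release {result['release']} build {result['build']}, patched={result['patched']}")
    for role, name in result["exposed"]:
        print(f"  exposed {role} vserver: {name}")
    print("VULNERABLE" if result["vulnerable"] else "not vulnerable on these inputs")
```

Feed it the real `show ns version` output and a `show ns runningConfig` dump to run it against an appliance; an appliance that defines neither vserver type is reported as not vulnerable regardless of build, which matches the advisory's precondition but is no reason to skip the update.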