PT-2025-26825 · Citrix · Citrix Netscaler Adc+1

Published: 2025-06-25 · Updated: 2026-05-26 · CVE-2025-6543

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NetScaler ADC (affected versions not specified)
NetScaler Gateway (affected versions not specified)

Description

A memory overflow issue exists in NetScaler ADC and NetScaler Gateway when configured as an AAA virtual server or as a Gateway (including VPN virtual server, ICA Proxy, CVPN, or RDP Proxy). This flaw can lead to unintended control flow and a Denial of Service (DoS) condition, where the system becomes unavailable to users. The issue has been exploited in the wild since May 2025, specifically targeting organizations in the Netherlands, such as the OM. In some instances, attackers have wiped forensic evidence to hide their activities.

Recommendations

Apply the patches released on June 25, 2025.
Implement Multi-Factor Authentication (MFA).
Enable continuous system monitoring.
Isolate affected systems to minimize risk.

Fix

RCE

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09120
CVE-2025-6543

Affected Products

Citrix Netscaler Adc
Citrix Netscaler Gateway