CVE-2025-6543

Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-47.46 Citrix NetScaler ADC and NetScaler Gateway versions prior to 13.1-59.19 Citrix NetScaler ADC and NetScaler Gateway FIPS/NDcPP versions prior to 13.1-37.236

Description A memory overflow vulnerability exists in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. This vulnerability can lead to unintended control flow and a denial of service. The vulnerability is actively being exploited in the wild. Approximately 185.6K+ services are potentially affected worldwide.

Recommendations Update NetScaler ADC to version 14.1-47.46 or later. Update NetScaler Gateway to version 14.1-47.46 or later. Update NetScaler ADC FIPS/NDcPP to version 13.1-37.236 or later. Update NetScaler Gateway FIPS/NDcPP to version 13.1-37.236 or later.