Active Exploitation of Zero-Day Vulnerability CVE-2025-6543 in NetScaler ADC and NetScaler Gateway
Citrix has released a security advisory to address exploited vulnerability CVE-2025-6543 that could lead to unintended control flow or a denial-of-service condition.
Affected platforms
The following platforms are known to be affected:
Threat details
End-of-life (EoL) products still vulnerable
NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End of Life (EoL) and remain vulnerable. Organisations using EoL versions must upgrade to the latest release of a supported version as soon as possible.
Additionally, Secure Private Access on-premises and Secure Private Access Hybrid deployments that use NetScaler instances are also affected by these vulnerabilities. Organisations must upgrade NetScaler to the latest release of a supported version as soon as possible.
Exploitation of CVE-2025-6543
Citrix has reported exploitation of CVE-2025-6543 in the wild. The NHS England National CSOC assesses further exploitation as highly likely.
Additionally, security researchers have suggested that CVE-2025-6543 may allow for unauthenticated remote code execution (RCE).
Introduction
Citrix has released a critical security bulletin addressing a vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix NetScaler is an all-in-one load balancer, web application firewall (WAF), virtual private network (VPN) gateway and SSL offloading tool for web applications.
Vulnerability Details
- CVE-2025-6543 is a 'memory overflow' vulnerability with a CVSSv4 base score of 9.2. Successful exploitation could allow a remote, unauthenticated attacker to cause unintended control flow and a denial-of-service (DoS) condition in NetScaler ADC and NetScaler Gateway. NetScaler is only vulnerable to CVE-2025-6543 when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
Security researchers have suggested that CVE-2025-6543 could allow for remote code execution.
NHS Organisations Must Complete CC-4670 and CC-4674 in RTaNCA
To mark both high severity Cyber Alerts CC-4670 and CC-4674 as "complete" in the Respond to an NHS Cyber Alert (RTaNCA) portal, organisations must update NetScaler to the latest version, and run the commands detailed in CC-4670 (and repeated below) to terminate active ICA and PCoIP sessions.
Remediation advice
Affected organisations must review Citrix Security Bulletin CTX694788 and update to the latest version of NetScaler ADC or NetScaler Gateway (detailed below).
Note: NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End of Life (EoL) and no longer supported. Organisations using EoL versions must upgrade to the latest release of a supported version as soon as possible.
Applying the "Remediation Steps" detailed below will remediate both CVE-2025-5777 (from CC-4670) and CVE-2025-6543 (this alert). You must update NetScaler appliances to one of the versions detailed below or later.
Remediation steps
Type | Step |
---|---|
Patch | Organisations must update NetScaler to the latest version available. Fixed releases include: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_6543 |
Action | To also complete CC-4670, organisations must run the following commands to terminate all active ICA and PCoIP sessions after all NetScaler appliances in the high availability (HA) pair or cluster have been upgraded to the fixed builds: `kill icaconnection -all` and `kill pcoipConnection -all`. Please ensure that the formatting remains intact as you copy and paste these commands. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777 |
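As an added illustration that is not part of this alert or of Citrix's tooling, the following Python script performs the scoping check a defender would make from the conditions stated above: it reads a NetScaler version string and ns.conf lines (both constructed samples; the `show ns version` line format and the `add vpn vserver` / `add authentication vserver` config syntax are assumed) and reports whether the release is EoL and whether a Gateway or AAA virtual server is configured. The fixed build numbers are in CTX694788, not on this page, so the script does not attempt to decide whether a build is already patched.

```python
import re

# Constructed sample input. The `show ns version` line format and the ns.conf
# command syntax are assumptions for illustration, not taken from the alert.
SAMPLE_VERSION = "NetScaler NS13.0: Build 92.21.nc, Date: Jan 10 2024, 12:00:00   (64-bit)"
SAMPLE_CONFIG = """\
add lb vserver lb_web HTTP 10.0.0.10 80
add vpn vserver gw_vpn SSL 10.0.0.20 443
add authentication vserver aaa_main SSL 10.0.0.30 443
"""

# Releases the alert states are End of Life and still vulnerable.
EOL_RELEASES = {"12.1", "13.0"}


def parse_release(version_line):
    """Return the major.minor release (e.g. '13.0') from a version line, or None."""
    match = re.search(r"\bNS(\d+\.\d+)\b", version_line)
    return match.group(1) if match else None


def configured_vservers(config_text):
    """Return (gateway_configured, aaa_configured) from ns.conf-style lines."""
    gateway = aaa = False
    for line in config_text.splitlines():
        if line.startswith("add vpn vserver "):
            gateway = True
        elif line.startswith("add authentication vserver "):
            aaa = True
    return gateway, aaa


def assess(version_line, config_text):
    """Scope an appliance against the alert's conditions.

    Patched-build status is not decided here: compare the build against the
    fixed builds listed in CTX694788 separately.
    """
    release = parse_release(version_line)
    gateway, aaa = configured_vservers(config_text)
    return {
        "release": release,
        "end_of_life": release in EOL_RELEASES,
        "gateway_configured": gateway,
        "aaa_configured": aaa,
        # Per the alert, only vulnerable when a Gateway or AAA vserver is configured.
        "exposed_configuration": gateway or aaa,
    }
```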
Last edited: 26 June 2025 4:06 pm