Known Exploited Vulnerability
9.8
CRITICAL
CVE-2025-6543
Citrix NetScaler ADC and Gateway Buffer Overflow V - [Actively Exploited]
Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

INFO

Published Date :

June 25, 2025, 1:15 p.m.

Last Modified :

July 1, 2025, 6:19 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-6543

Public PoC/Exploit Available at Github

CVE-2025-6543 has a 9 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-6543 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Citrix netscaler_application_delivery_controller
2 Citrix netscaler_gateway
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-6543.

URL Resource
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python

Updated: 5 days, 6 hours ago
1 stars 0 fork 0 watcher
Born at : July 9, 2025, 6:01 p.m. This repo has been linked 2 different CVEs too.

Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs.

Python

Updated: 1 week, 2 days ago
1 stars 0 fork 0 watcher
Born at : July 3, 2025, 8:02 p.m. This repo has been linked 1 different CVEs too.

详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件

Python

Updated: 2 days, 14 hours ago
13 stars 2 fork 2 watcher
Born at : June 30, 2025, 11:02 a.m. This repo has been linked 3 different CVEs too.

Citrix Bleed 2 PoC

Python

Updated: 2 weeks, 2 days ago
0 stars 1 fork 1 watcher
Born at : June 30, 2025, 7:47 a.m. This repo has been linked 1 different CVEs too.

Script para determinar si Citrix es vulnerable al CVE-2025-6543

Python

Updated: 2 weeks, 6 days ago
1 stars 0 fork 0 watcher
Born at : June 26, 2025, 3:05 p.m. This repo has been linked 1 different CVEs too.

None

HTML Python Shell

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 13, 2025, 8:50 a.m. This repo has been linked 890 different CVEs too.

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 2 days, 7 hours ago
2 stars 0 fork 0 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 180 different CVEs too.

Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that I find useful during internal penetration tests and assumed breach exercises (red teaming)

PowerShell C#

Updated: 6 days, 20 hours ago
275 stars 54 fork 54 watcher
Born at : July 20, 2020, 6:04 p.m. This repo has been linked 32 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 4 days, 13 hours ago
7078 stars 1188 fork 1188 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 809 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-6543 vulnerability anywhere in the article.

  • The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

Published Date: Jul 11, 2025 (5 days, 22 hours ago)
  • The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

Published Date: Jul 11, 2025 (5 days, 22 hours ago)
  • The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit

The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more

Published Date: Jul 10, 2025 (6 days, 4 hours ago)
  • The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit

The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more

Published Date: Jul 10, 2025 (6 days, 4 hours ago)
  • The Hacker News
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Jul 10, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of ... Read more

Published Date: Jul 10, 2025 (6 days, 9 hours ago)
  • The Hacker News
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Jul 10, 2025Ravie LakshmananVulnerability / Hardware Security Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information ... Read more

Published Date: Jul 10, 2025 (6 days, 15 hours ago)
  • Daily CyberSecurity
Citrix Warns of Privilege Escalation Vulnerability in Windows Virtual Delivery Agent (CVE-2025-6759)

Citrix has issued a security advisory concerning a newly identified local privilege escalation vulnerability affecting its Windows Virtual Delivery Agent (VDA), which is a core component of Citrix Vir ... Read more

Published Date: Jul 09, 2025 (1 week, 1 day ago)
  • Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request

Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2 ... Read more

Published Date: Jul 08, 2025 (1 week, 1 day ago)
  • The Hacker News
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet ... Read more

Published Date: Jul 08, 2025 (1 week, 1 day ago)
  • The Hacker News
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

Jul 08, 2025Ravie LakshmananCyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities ... Read more

Published Date: Jul 08, 2025 (1 week, 1 day ago)
  • The Hacker News
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

Cyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence ... Read more

Published Date: Jul 08, 2025 (1 week, 1 day ago)
  • The Register
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands

Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of use ... Read more

Published Date: Jul 07, 2025 (1 week, 2 days ago)
  • Help Net Security
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t ... Read more

Published Date: Jul 06, 2025 (1 week, 3 days ago)
  • security.nl
Duizenden NetScaler-servers kwetsbaar voor CitrixBleed2, details snel openbaar

Duizenden NetScaler-servers bevatten nog altijd een kritieke kwetsbaarheid aangeduid als "CitrixBleed2", waardoor ze in het ergste geval zijn over te nemen, en een securitybedrijf heeft aangegeven vol ... Read more

Published Date: Jul 04, 2025 (1 week, 5 days ago)
  • The Hacker News
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to ... Read more

Published Date: Jul 04, 2025 (1 week, 5 days ago)
  • The Hacker News
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicio ... Read more

Published Date: Jul 03, 2025 (1 week, 6 days ago)
  • The Hacker News
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Vulnerability / Network Security Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Sessi ... Read more

Published Date: Jul 03, 2025 (1 week, 6 days ago)
  • BleepingComputer
Citrix warns of login issues after NetScaler auth bypass patch

Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gatewa ... Read more

Published Date: Jul 02, 2025 (2 weeks ago)
  • The Hacker News
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remo ... Read more

Published Date: Jul 01, 2025 (2 weeks, 1 day ago)
  • Cyber Security News
CISA Warns of Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in Attacks

CISA has issued an urgent warning regarding a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway products, designated as CVE-2025-6543. Added to CISA’s Known Exploited Vulnerab ... Read more

Published Date: Jul 01, 2025 (2 weeks, 1 day ago)
  • TheCyberThrone
CISA Adds Critical Citrix NetScaler Vulnerability to KEV Catalog

Skip to contentOn June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6543, a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway, to its K ... Read more

Published Date: Jul 01, 2025 (2 weeks, 1 day ago)
  • Daily CyberSecurity
Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances

A critical security flaw tracked as CVE-2025-6543 is being actively exploited in the wild, prompting urgent warnings from Citrix and inclusion in CISA’s Known Exploited Vulnerabilities (KEV) Catalog. ... Read more

Published Date: Jul 01, 2025 (2 weeks, 2 days ago)
  • Cyber Security News
2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability

Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechani ... Read more

Published Date: Jun 30, 2025 (2 weeks, 2 days ago)
  • Help Net Security
CitrixBleed 2 might be actively exploited (CVE-2025-5777)

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for ... Read more

Published Date: Jun 30, 2025 (2 weeks, 2 days ago)
  • security.nl
'Tientallen Nederlandse Citrix-servers bevatten kritieke kwetsbaarheden'

Tientallen Nederlandse Citrix-servers bevatten kritieke kwetsbaarheden, zo laat The Shadowserver Foundation vandaag weten. Het gaat onder andere om een actief misbruikt beveiligingslek. De afgelopen w ... Read more

Published Date: Jun 30, 2025 (2 weeks, 2 days ago)
  • BleepingComputer
Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authe ... Read more

Published Date: Jun 30, 2025 (2 weeks, 2 days ago)
  • Daily CyberSecurity
Citrix Bleed 2: ReliaQuest Warns of Active Exploitation in NetScaler Gateway Vulnerability

A newly discovered vulnerability—CVE-2025-5777, now dubbed Citrix Bleed 2—is raising serious security alarms. According to ReliaQuest, attackers are actively exploiting this vulnerability in the wild ... Read more

Published Date: Jun 30, 2025 (2 weeks, 3 days ago)
  • security.nl
Securitybedrijf meldt mogelijk misbruik van nieuw CitrixBleed-lek

Een nieuwe kwetsbaarheid in NetScaler ADC en NetScaler Gateway, die de naam CitrixBleed 2 heeft gekregen, wordt mogelijk actief misbruik bij aanvallen, zo stelt securitybedrijf ReliaQuest. NetScaler z ... Read more

Published Date: Jun 27, 2025 (2 weeks, 5 days ago)
  • Daily CyberSecurity
Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) that could allow unauthenticated, remote attackers to execute arbitrary ... Read more

Published Date: Jun 27, 2025 (2 weeks, 6 days ago)
  • Daily CyberSecurity
Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited

Citrix has issued a critical advisory for CVE-2025-6543, a memory overflow vulnerability that impacts NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). According to ... Read more

Published Date: Jun 27, 2025 (2 weeks, 6 days ago)
  • security.nl
Citrix waarschuwt voor misbruik van kritiek lek in NetScaler ADC en Gateway

Citrix waarschuwt organisaties voor actief misbruik van een kritieke kwetsbaarheid in NetScaler ADC en NetScaler Gateway. Het gaat om een buffer overflow die volgens Citrix tot "unintended control flo ... Read more

Published Date: Jun 26, 2025 (2 weeks, 6 days ago)
  • The Register
Citrix bleeds again: This time a zero-day exploited - patch now

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued ... Read more

Published Date: Jun 25, 2025 (3 weeks ago)
  • BleepingComputer
Citrix warns of NetScaler vulnerability exploited in DoS attacks

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. "Exploits of CV ... Read more

Published Date: Jun 25, 2025 (3 weeks ago)
  • The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Vulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE- ... Read more

Published Date: Jun 25, 2025 (3 weeks ago)
  • Cyber Security News
Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild

Cloud Software Group has issued an urgent security advisory warning customers about a critical memory overflow vulnerability in NetScaler ADC and Gateway products, which could enable denial-of-service ... Read more

Published Date: Jun 25, 2025 (3 weeks ago)

The following table lists the changes that have been made to the CVE-2025-6543 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jul. 01, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration OR *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-59.19 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.236 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-47.46 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.236
    Added CPE Configuration OR *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-59.19 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-47.46
    Added Reference Type Citrix Systems, Inc.: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Types: Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jul. 01, 2025

    Action Type Old Value New Value
    Added Date Added 2025-06-30
    Added Due Date 2025-07-21
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
  • New CVE Received by [email protected]

    Jun. 25, 2025

    Action Type Old Value New Value
    Added Description Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
    Added CVSS V4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-119
    Added Reference https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
© cvefeed.io
Latest DB Update: Jul. 17, 2025 2:29