CVE-2025-6543 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-06-25

Added to CISA KEV: 2025-06-30 5 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
CRITICAL: Apply patches immediately - NetScaler 14.1-47.46+, 13.1-59.19+, or 13.1 FIPS/NDcPP-37.236+
Implement emergency network segmentation if patching cannot be completed immediately
Monitor NetScaler logs for suspicious client certificate activity and memory-related crashes
Review and harden NetScaler configurations, particularly Gateway and AAA virtual server settings

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-6543 vulnerability:

Affected Applications/Services: The vulnerability affects NetScaler ADC and NetScaler Gateway, particularly when configured as a Gateway (VPN) ^[1]^[2].

Active Exploitation: CVE-2025-6543 has been actively exploited in the wild as a zero-day since at least May 2025 ^[3]^[4].

Attack Vectors/Exploitation Methods:

* It is a memory overflow vulnerability ^[1]^[2]. * An attacker can supply a client certificate to overwrite memory ^[3]. * Exploitation leads to unintended control flow and Denial of Service (DoS) ^[1]^[2].

Targeted Attacks: The Dutch NCSC has warned of attacks exploiting CVE-2025-6543 against critical organizations ^[5].

CISA KEV Status: CISA added CVE-2025-6543 to its Known Exploited Vulnerabilities Catalog on June 30, 2025 ^[6]. This indicates that CISA has evidence of active exploitation and considers it a significant risk ^[6].

Technical Details/Internet Exploitability: CVE-2025-6543 is a critical memory overflow vulnerability that can be exploited to cause a denial of service or potentially achieve arbitrary code execution. It is internet exploitable because it affects network appliances like NetScaler ADC and Gateway, which are often exposed to the internet.

Sources

NVD - CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway.
CVE-2025-6543 - Vulnerability Details - OpenCVE
CVE-2025-6543 - Memory overflow vulnerability leading to unintended control flow and Denial of Service. Sign in.Netscaler Application Delivery Controller.
Citrix forgot to tell you CVE-2025–6543 has been used as a zero ...
CVE-2025–6543 is a vulnerability which allows an attacker to supply a client certificate, which overwrites memory. This then allows code ...
CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and ...
Zero day exploitation in the wild of NetScaler ADC and NetScaler Gateway has been disclosed, due to a new vulnerability CVE-2025-6543.
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE ...
Dutch NCSC warns of CVE-2025-6543 Citrix attacks on critical organizations, urging urgent patches to prevent further breaches.

🔴 CVE-2025-6543

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Sources