{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-6543","assignerOrgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","state":"PUBLISHED","assignerShortName":"Citrix","dateReserved":"2025-06-23T18:08:23.912Z","datePublished":"2025-06-25T12:49:57.896Z","dateUpdated":"2026-02-26T17:50:24.557Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ADC","vendor":"NetScaler","versions":[{"lessThan":"47.46","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"59.19","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.236","status":"affected","version":"13.1 FIPS and NDcPP","versionType":"patch"}]},{"defaultStatus":"unaffected","product":"Gateway","vendor":"NetScaler","versions":[{"lessThan":"47.46","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"59.19","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.236","status":"affected","version":"13.1 FIPS and NDcPP","versionType":"patch"}]}],"datePublic":"2025-06-25T12:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"}],"value":"Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":9.2,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","shortName":"Citrix","dateUpdated":"2025-06-25T12:49:57.896Z"},"references":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788"}],"source":{"discovery":"UNKNOWN"},"title":"Memory overflow vulnerability leading to unintended control flow and Denial of Service","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-6543","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-17T03:55:32.992762Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2025-06-30","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543","tags":["government-resource"]}],"timeline":[{"time":"2025-06-30T00:00:00.000Z","lang":"en","value":"CVE-2025-6543 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:24.557Z"}}]}}