Cybersecurity Threat Advisory

Citrix has issued emergency patches for a critical memory overflow flaw that impacts NetScaler ADC and Gateway. Exploitation can lead to denial-of-service (DoS) and system control issues. Review this Cybersecurity Threat Advisory for guidance on protecting your systems against this vulnerability.

What is the threat?

CVE-2025-6543, which has a CVSS score of 9.2, is a memory overflow vulnerability. A memory overflow occurs when a program writes more data into a fixed-size memory buffer than it can handle, causing excess data to overwrite adjacent memory. This can lead to data corruption, altered program execution, or disrupted system behavior.

In this case, the overflow may lead to unintended control flow, enabling attackers to manipulate how the affected NetScaler appliance processes data. Attackers can exploit the vulnerability by sending unauthenticated remote requests, which can trigger a DoS condition without needing prior access or credentials.

Why is it noteworthy?

Successful exploitation of CVE-2025-6543 is contingent upon specific configurations of the NetScaler appliance. The vulnerability only affects NetScaler ADC and NetScaler Gateway devices when they are configured as a Gateway or an Authentication, Authorization, and Accounting (AAA) virtual server.

The “Gateway” configuration encompasses several functionalities critical for remote access and application delivery, including:

  • VPN virtual server
  • ICA Proxy (for Citrix Virtual Apps and Desktops)
  • Clientless VPN (CVPN)
  • RDP Proxy (for Remote Desktop Protocol access)

The AAA virtual server configuration is central to managing user authentication and authorization, often serving as a critical entry point for enterprise networks. These specific configurations limit the vulnerability to certain NetScaler deployments, but systems providing remote access or centralized authentication services face direct exposure.

What is the exposure or risk?

This vulnerability poses a significant risk to organizations that rely on NetScaler infrastructure. If successfully exploited, it can lead to denial of service, taking appliances offline and disrupting operations.

Attackers have already exploited this vulnerability in real-world scenarios, rendering devices unresponsive and inaccessible. For enterprises that rely on NetScaler for remote access, load balancing, or application delivery, such downtime can result in significant service disruptions, productivity losses, and financial impacts.

What are the recommendations?

Barracuda recommends the following actions to protect your environment:

  • Apply the available patches issued:
  • Upgrade to a supported version if you are running NetScaler ADC or NetScaler Gateway 12.1 or 13.0, as these versions have reached end-of-life and will not receive a fix.
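The two checks that decide whether an appliance is in scope for this advisory are (1) whether it is configured as a Gateway or AAA virtual server and (2) whether it is on the end-of-life 12.1 or 13.0 release line. The script below is an added example, not code from the advisory, Citrix or Barracuda: it parses pasted NetScaler CLI output and returns a triage verdict. The command output embedded in it is constructed for the example and only approximates the real format of `show ns version`, `show vpn vserver` and `show authentication vserver`; the regular expressions, the build string `99.99.nc` and the vserver names and addresses are assumptions, so adjust them against output captured from your own appliances.

```python
"""Triage helper for CVE-2025-6543 exposure on NetScaler ADC / Gateway.

Exposure per the advisory: a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy) or
AAA virtual server is configured. Releases 12.1 and 13.0 are end-of-life and
need an upgrade to a supported release rather than a patch.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Release lines the advisory names as end-of-life.
EOL_RELEASES = {"12.1", "13.0"}

# Assumed format: "NetScaler NS13.0: Build 99.99.nc, Date: ..." (approximation).
VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build ([\w.]+)")
# Assumed format: "1)  name (ip:port) - SSL  Type: CONTENT" (approximation).
VSERVER_RE = re.compile(r"^\s*\d+\)\s+(\S+)\s+\(([\d.]+|\*):(\d+)\)", re.M)

# --- CONSTRUCTED sample output (not captured from a real appliance) ---------
SAMPLE_VERSION = (
    "\tNetScaler NS13.0: Build 99.99.nc, Date: Jan 1 2024, 00:00:00   (64-bit)\n"
    " Done\n"
)
SAMPLE_VPN = (
    "1)\tgw_vpn_vs (192.0.2.10:443) - SSL\tType: CONTENT\n"
    "\tState: UP\n"
    " Done\n"
)
SAMPLE_AAA_NONE = " Done\n"   # no authentication vservers configured


@dataclass
class Triage:
    release: Optional[str]
    build: Optional[str]
    gateway_vservers: List[str]
    aaa_vservers: List[str]

    @property
    def in_affected_config(self) -> bool:
        # Any Gateway (VPN) or AAA vserver puts the appliance in scope.
        return bool(self.gateway_vservers or self.aaa_vservers)

    @property
    def on_eol_release(self) -> bool:
        return self.release in EOL_RELEASES

    def verdict(self) -> str:
        if not self.in_affected_config:
            return "not in affected configuration (no Gateway or AAA vserver found)"
        if self.on_eol_release:
            return (f"EXPOSED: Gateway/AAA vserver on end-of-life release "
                    f"{self.release}; upgrade to a supported release")
        return (f"EXPOSED: Gateway/AAA vserver on release {self.release} build "
                f"{self.build}; apply the vendor patch if not already on a fixed build")


def parse_version(text: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (release line, build) from `show ns version` output, or (None, None)."""
    m = VERSION_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)


def parse_vservers(text: str) -> List[str]:
    """Return 'name (ip:port)' for each vserver listed in a `show ... vserver` output."""
    return [f"{name} ({ip}:{port})" for name, ip, port in VSERVER_RE.findall(text)]


def triage(version_out: str, vpn_out: str, aaa_out: str) -> Triage:
    release, build = parse_version(version_out)
    return Triage(release, build, parse_vservers(vpn_out), parse_vservers(aaa_out))


if __name__ == "__main__":
    result = triage(SAMPLE_VERSION, SAMPLE_VPN, SAMPLE_AAA_NONE)
    print(f"release={result.release} build={result.build}")
    print(f"gateway vservers: {result.gateway_vservers}")
    print(f"aaa vservers:     {result.aaa_vservers}")
    print(result.verdict())
```

Feed the script the output of the three commands from each appliance (or pull them via your configuration-management export) and act on any `EXPOSED` verdict; an appliance that reports no Gateway or AAA vserver is outside the configurations this advisory describes, but should still be kept on a supported, patched release.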

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.



Posted by Stacey Landrum

Stacey is a Cybersecurity Analyst at Barracuda. She's a security expert, working on our Blue Team within our Security Operations Center. Stacey supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
