We would like to inform you of a NEW recently identified security vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). This is in addition to the vulnerability last week. This issue has been classified as critical, with a CVSSv3 score of 9.2.
Given the nature of the vulnerability, it’s critical to take immediate action to ensure your systems remain secure. The vulnerability is CVE-2025-6543, a memory overflow vulnerability leading to unintended control flow and Denial of Service. We strongly recommend reviewing the official Citrix notification and implementing the suggested upgrades as soon as possible.
Affected Versions: Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
NetScaler ADC and NetScaler Gateway 14.1-47.46 and later releases; NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP.
Customers should contact support (https://support.citrix.com/support-home/home) to obtain the 13.1-FIPS and 13.1-NDcPP builds that address this issue.
Exploits of CVE-2025-6543 on unmitigated appliances have been observed.