CVE-2025-6543

CRITICAL KEV

NetScaler ADC & Gateway < - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-6543 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 30, 2025. EIP tracks 3 public exploits from researchers including abrewer251, grupooruss, lex1010.

AI-analyzed exploit summary This repository contains a multi-host, multi-port scanner for CVE-2025-6543 affecting Citrix NetScaler appliances. It uses SNMP and SSH to enumerate build versions and determine vulnerability status, with optional CSV reporting and a stubbed exploit function.

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Exploits (3)

nomisec SCANNER 5 stars
by abrewer251 · poc
https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC

This repository contains a multi-host, multi-port scanner for CVE-2025-6543 affecting Citrix NetScaler appliances. It uses SNMP and SSH to enumerate build versions and determine vulnerability status, with optional CSV reporting and a stubbed exploit function.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Citrix NetScaler ADC/VPX appliances
No auth needed
Prerequisites: Network access to target devices · SNMP community string (default: public) or SSH credentials for banner grabbing
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 4 stars
by grupooruss · poc
https://github.com/grupooruss/Citrix-cve-2025-6543

This repository contains a Python script to check if Citrix NetScaler ADC/Gateway instances are vulnerable to CVE-2025-6543 by querying version information via SNMP or SSH. It compares the detected build against a list of patched versions.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Citrix NetScaler ADC / Gateway
No auth needed
Prerequisites: SNMP access with community string or SSH credentials · Net-SNMP tools installed for SNMP checks · sshpass installed for SSH checks
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by lex1010 · poc
https://github.com/lex1010/CVE-2025-6543

This repository contains a scanner for CVE-2025-6543, which checks Citrix NetScaler ADC/Gateway versions for vulnerability by querying SNMP or SSH banners. It does not include an exploit payload but identifies vulnerable systems.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Citrix NetScaler ADC / Gateway
No auth needed
Prerequisites: SNMP access with community string or SSH credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0106
EPSS Percentile 78.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-06-30
VulnCheck KEV 2025-06-25
ENISA EUVD EUVD-2025-19085
CWE
CWE-119
Status published
Products (3)
citrix/netscaler_application_delivery_controller 13.1 - 13.1-37.236 (2 CPE variants)
citrix/netscaler_application_delivery_controller 13.1 - 13.1-59.19
citrix/netscaler_gateway 13.1 - 13.1-59.19
Published Jun 25, 2025
KEV Added Jun 30, 2025
Tracked Since Feb 18, 2026