CISA Warns of Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
CISA has issued an urgent warning regarding a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway products, designated as CVE-2025-6543<\/a>.\u00a0<\/p>\n Added to CISA\u2019s Known Exploited Vulnerabilities (KEV) catalog on June 30, 2025, threat actors are actively exploiting this high-severity flaw and pose significant risks to organizations utilizing these network infrastructure components.\u00a0<\/p>\n The vulnerability enables attackers to achieve unintended control flow manipulation and execute Denial-of-Service (DoS) attacks<\/a> against affected systems, prompting immediate action from federal agencies and private sector organizations.<\/p>\n CVE-2025-6543 represents a buffer overflow vulnerability classified under the Common Weakness Enumeration (CWE) 119, which encompasses the improper restriction of operations within memory buffer boundaries.\u00a0<\/p>\n This technical classification indicates that the vulnerability stems from insufficient input validation mechanisms within the NetScaler codebase, allowing attackers to write data beyond allocated memory boundaries.\u00a0<\/p>\n The exploitation of this flaw can result in arbitrary code execution and system compromise, making it particularly dangerous for internet-facing network appliances.<\/p>\n The vulnerability specifically affects Citrix NetScaler ADC (Application Delivery Controller) and Gateway products when configured in specific operational modes.\u00a0<\/p>\n These enterprise-grade network devices serve as critical infrastructure components, handling load balancing<\/a>, SSL offloading, and secure remote access functionalities for organizations worldwide.\u00a0<\/p>\n The buffer overflow condition occurs during packet processing routines, where malformed network traffic can trigger memory corruption, leading to system instability or complete compromise.<\/p>\n The vulnerability\u2019s exploitation requires specific NetScaler configurations to be present, limiting its attack surface but still affecting a substantial number of deployments.\u00a0<\/p>\n Affected systems must be configured as Gateway services, including VPN virtual servers<\/a>, ICA Proxy implementations, CVPN (Cloud VPN) services, or RDP Proxy configurations.\u00a0<\/p>\n Additionally, systems configured with AAA (Authentication, Authorization, and Accounting) virtual servers are susceptible to this vulnerability.<\/p>\n Organizations utilizing NetScaler devices in these configurations face immediate risks of service disruption, unauthorized access, and potential lateral movement within their network infrastructure.\u00a0<\/p>\n While CISA\u2019s current assessment indicates the vulnerability\u2019s use in ransomware campaigns remains unknown, the active exploitation status suggests sophisticated threat actors are leveraging this flaw for malicious purposes.<\/p>\nCitrix NetScaler Buffer Overflow Vulnerability<\/strong><\/h2>\n