
[Vulnerability Alert] Critical Security Vulnerability Discovered in Citrix NetScaler ADC and NetScaler Gateway (CVE-2025-6543)

Publish date: 2025-07-10
Update date: 2025-07-10

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025063008064242
Publication Time: 2025/06/30 08:59
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/06/30 08:59
Impact Level: Low
[Subject]
[Vulnerability Alert] Critical Security Vulnerability Discovered in Citrix NetScaler ADC and NetScaler Gateway (CVE-2025-6543)
[Content]
Forwarded from TWCERTCC-200-202506-00000019

NetScaler ADC (formerly Citrix ADC) is a network appliance designed to optimize, secure, and manage enterprise applications and cloud services. NetScaler Gateway (formerly Citrix Gateway) provides secure remote access, enabling users to securely connect to applications and data from any location.

Recently, Citrix disclosed a critical security vulnerability (CVE-2025-6543, CVSS 4.x: 9.2), which is a memory overflow issue. This vulnerability may allow unintended control flow changes and denial of service (DoS) attacks.

Note: The affected versions, NetScaler ADC and Gateway 12.1 and 13.0, are End-of-Life (EoL). Citrix recommends upgrading to supported versions.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
NetScaler ADC and NetScaler Gateway versions earlier than 14.1-47.46
NetScaler ADC and NetScaler Gateway versions earlier than 13.1-59.19
NetScaler ADC 13.1-FIPS and NDcPP versions earlier than 13.1-37.236-FIPS and NDcPP
[Recommended Actions]
Upgrade to the following or later versions:
NetScaler ADC and NetScaler Gateway 14.1-47.46 or later
NetScaler ADC and NetScaler Gateway 13.1-59.19 or later
NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.236-FIPS and NDcPP or later
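
A version check built from the fixed builds listed above, as an added example that is not part of the original advisory or of Citrix's tooling. The version-string shapes it parses, the `edition` parameter and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed builds taken from the advisory's [Recommended Actions] list.
FIXED = {
    ("14.1", "standard"): (47, 46),
    ("13.1", "standard"): (59, 19),
    ("13.1", "fips"): (37, 236),   # 13.1-FIPS and NDcPP
}
EOL_BRANCHES = {"12.1", "13.0"}    # affected and End-of-Life per the advisory

# Assumed version-string shapes: "NS13.1: Build 58.32.nc" or "13.1-58.32"
VERSION_RE = re.compile(r"(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")

def classify(version_string, edition="standard"):
    """Return 'fixed', 'vulnerable', 'eol' or 'unknown' for CVE-2025-6543.

    `edition` is a hypothetical parameter: the caller states whether the
    appliance runs a FIPS/NDcPP build, since that is not parsed here.
    """
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if branch in EOL_BRANCHES:
        return "eol"               # no fixed build listed; upgrade the branch
    fixed = FIXED.get((branch, edition))
    if fixed is None:
        return "unknown"           # branch not covered by this advisory
    # Compare numerically as tuples: build 59.9 is older than 59.19.
    return "fixed" if build >= fixed else "vulnerable"

def audit(inventory):
    """Map each (host, version_string, edition) row to its status."""
    return {host: classify(ver, ed) for host, ver, ed in inventory}

# Constructed inventory; hostnames and build numbers are made up.
SAMPLE = [
    ("adc-01", "NetScaler NS14.1: Build 47.46.nc", "standard"),
    ("adc-02", "NetScaler NS14.1: Build 43.56.nc", "standard"),
    ("gw-01", "NS13.1: Build 59.9.nc", "standard"),
    ("fips-01", "13.1-37.236", "fips"),
    ("old-01", "NS13.0: Build 92.31.nc", "standard"),
    ("odd-01", "firmware 11.1", "standard"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `eol` or `unknown` need manual review, since the advisory lists no fixed build for them.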
[Reference]
https://www.twcert.org.tw/tw/cp-169-10221-b5f6f-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center