CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jul 21, 2025
Description
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
EPSS — Exploit Probability
Higher than 83.6% of all CVEs
Required Action
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-6543
Related Articles (2)
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix fixes CVE-2026-3055 memory flaw in NetScaler, enabling data leaks in SAML setups, raising risk of imminent exploitation.
Mar 24, 2026
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.
Mar 28, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 2.0%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 2
Timeline
Published
Jun 30, 2025
Added to KEV
Jun 30, 2025
Remediation Due
Jul 21, 2025