NetScaler ADC and NetScaler Gateway Memory Overflow (CTX694788)

Severity: High | Nessus Plugin ID 240342

Synopsis

The remote device is affected by a memory overflow vulnerability.

Description

The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 14.1 prior to 14.1-47.46, 13.1 prior to 13.1-59.19, or 13.1-FIPS prior to 13.1-37.236-FIPS. It is, therefore, affected by a memory overflow vulnerability:

- Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. (CVE-2025-6543)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to NetScaler ADC or NetScaler Gateway version 13.1-37.236-FIPS, 13.1-59.19, or 14.1-47.46 or later.

See Also

http://www.nessus.org/u?b3df6540

Plugin Details

Severity: High

ID: 240342

File Name: netscaler_adc_gateway_CTX694788.nasl

Version: 1.1

Type: combined

Family: CGI abuses

Published: 6/25/2025

Updated: 6/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-6543

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:citrix:netscaler_gateway, cpe:/h:citrix:netscaler_application_delivery_controller

Required KB Items: Host/NetScaler/Detected

Patch Publication Date: 6/25/2025

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2025-6543