Cloud Software Group released builds on June 25, 2025, to address one security vulnerability. NetScaler Gateway is affected by CVE 2025-6543, which has a CVSS score of 9.3. CVE 2025-6543 impacts NetScaler Gateway and NetScaler.
The vulnerability is a memory safety vulnerability which may lead to memory corruption and Denial of Service on NetScaler appliances. An indication of this particular attack may be observed in terms of a NetScaler appliance crash. If customers have experienced such behaviour in their deployments we strongly recommend upgrading to the versions containing the fix, as there are no mitigation measures for this vulnerability. Cloud Software group had released NetScaler firmware 14.1-47.46 on 17th June 2025, if customers have upgraded their environments to 14.1-47.46 already, they need not take any additional action.
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19
- NetScaler ADC version 13.1-37.235-FIPS and NDcPP, as well as all versions prior to 13.1-37.235
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
- NetScaler ADC and NetScaler Gateway 14.1-47.46 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.19 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and NDcPP customers should Contact Support to obtain builds that address this issue
Update installation
Download permanent fixes for NetScaler
NetScaler and Citrix are both part of Cloud Software Group, and share the same ticketing system. If you encounter issues when you are updating your affected builds, please contact Citrix Customer Support, irrespective of whether your product includes NetScaler branding or Citrix branding.