CVE-2025-7775

Published Aug 26, 2025

Last updated 6 months ago

NetScaler ADC

NetScaler Gateway

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-7775 is a memory overflow vulnerability that affects Citrix NetScaler ADC and NetScaler Gateway. It can lead to remote code execution (RCE) and/or denial of service (DoS). The vulnerability exists when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. It also affects load balancing (LB) virtual servers of types HTTP, SSL, or HTTP_QUIC bound with IPv6 services or service groups, as well as DBS IPv6 services or CR virtual server with type HDX. Exploits of this vulnerability have been observed in the wild.

Description: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
Source: secure@citrix.com
NVD status: Analyzed
Products: netscaler_application_delivery_controller, netscaler_gateway

Insights

Analysis from the Intruder Security Team

Published Aug 28, 2025 Updated Aug 28, 2025

As this vulnerability is known to have been exploited by real attackers, the patch should be applied immediately.

If you have a vulnerable device connected to the internet, as well as patching, it is important to check that the device was not already compromised.

NCSC-NL, the Dutch National Cybersecurity Centre, have produced a tool available here which can help with this. Note that despite being marked as for an older CVE, this script is also receiving updates to check for issues relating to CVE-2025-7775.

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.2
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Citrix NetScaler Memory Overflow Vulnerability
Exploit added on: Aug 26, 2025
Exploit action due: Aug 28, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@citrix.com: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
            "matchCriteriaId": "5920186A-2278-4C5E-A2EE-047C4F6FAACD",
            "versionEndExcluding": "12.1-55.330",
            "versionStartIncluding": "12.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
            "matchCriteriaId": "E09EC98B-E057-4FF7-9B18-EF460A29B876",
            "versionEndExcluding": "12.1-55.330",
            "versionStartIncluding": "12.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
            "matchCriteriaId": "0096548F-A846-4D80-A4C6-71389543630F",
            "versionEndExcluding": "13.1-37.241",
            "versionStartIncluding": "13.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
            "matchCriteriaId": "F40E29F2-8013-41A8-91A5-848FE6365876",
            "versionEndExcluding": "13.1-37.241",
            "versionStartIncluding": "13.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "C2009493-AAFD-4090-84BC-5217A860E42A",
            "versionEndExcluding": "13.1-59.22",
            "versionStartIncluding": "13.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "3487EADF-F387-4DD4-B600-B1EBC416632E",
            "versionEndExcluding": "14.1-47.48",
            "versionStartIncluding": "14.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DBA34500-BFE6-4B33-A52B-326C4C2069B1",
            "versionEndExcluding": "13.1-59.22",
            "versionStartIncluding": "13.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "004E06F6-0ABF-4414-B2A2-8834C1E6107D",
            "versionEndExcluding": "14.1-47.48",
            "versionStartIncluding": "14.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.