Aug 26, 2025Ravie LakshmananVulnerability / Distant Code Execution
Citrix has launched fixes to deal with three safety flaws in NetScaler ADC and NetScaler Gateway, together with one which it mentioned has been actively exploited within the wild.
The vulnerabilities in query are listed beneath –
CVE-2025-7775 (CVSS rating: 9.2) – Reminiscence overflow vulnerability resulting in Distant Code Execution and/or Denial-of-Service
CVE-2025-7776 (CVSS rating: 8.8) – Reminiscence overflow vulnerability resulting in unpredictable or inaccurate conduct and Denial-of-Service
CVE-2025-8424 (CVSS rating: 8.7) – Improper entry management on the NetScaler Administration Interface
The corporate acknowledged that “exploits of CVE-2025-7775 on unmitigated home equipment have been noticed,” however stopped in need of sharing further particulars.
Nonetheless, for the failings to be exploited, there are a variety of conditions –
CVE-2025-7775 – NetScaler should be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or AAA digital server; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) certain with IPv6 providers or servicegroups certain with IPv6 servers; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) certain with DBS IPv6 providers or servicegroups certain with IPv6 DBS servers; or CR digital server with sort HDX
CVE-2025-7776 – NetScaler should be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
CVE-2025-8424 – Entry to NSIP, Cluster Administration IP or native GSLB Web site IP or SNIP with Administration Entry
The problems have been resolved within the following variations, with no obtainable workarounds –
NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli for locating and reporting the vulnerabilities.
CVE-2025-7775 is the most recent NetScaler ADC and Gateway vulnerability to be weaponized in real-world assaults in a brief span of time, after CVE-2025-5777 (aka Citrix Bleed 2) and CVE-2025-6543.
The disclosure additionally comes a day after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added two safety flaws impacting Citrix Session Recording (CVE-2024-8068 and CVE-2024-8069) to its Identified Exploited Vulnerabilities (KEV) catalog, primarily based on proof of lively exploitation.
