
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775


Aug 26, 2025 | Ravie Lakshmanan | Vulnerability / Remote Code Execution


Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild.

The vulnerabilities in question are listed below –

  • CVE-2025-7775 (CVSS score: 9.2) – Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service
  • CVE-2025-7776 (CVSS score: 8.8) – Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial-of-Service
  • CVE-2025-8424 (CVSS score: 8.7) – Improper access control on the NetScaler Management Interface

The company acknowledged that “exploits of CVE-2025-7775 on unmitigated appliances have been observed,” but stopped short of sharing additional details.


However, for the flaws to be exploited, there are a number of prerequisites –

  • CVE-2025-7775 – NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers; or CR virtual server with type HDX
  • CVE-2025-7776 – NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bound to it
  • CVE-2025-8424 – Access to NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

The issues have been resolved in the following versions, with no available workarounds –

  • NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
  • NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
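
As an added example (not part of the original article and not Citrix tooling), the fixed-build list above can be turned into an inventory check. It assumes builds are recorded in the `release-build` form the article uses (for example `14.1-47.48`); the edition labels, hostnames and sample builds are hypothetical.

```python
import re

# Fixed builds as listed in the article, keyed by (release, edition).
# "fips" covers the -FIPS and -NDcPP editions, which share one fixed build.
FIXED_BUILDS = {
    ("14.1", "standard"): (47, 48),
    ("13.1", "standard"): (59, 22),
    ("13.1", "fips"): (37, 241),
    ("12.1", "fips"): (55, 330),
}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def patch_status(version, edition="standard"):
    """Classify a 'release-build' string such as '14.1-47.48'.

    Returns 'patched', 'needs-update', 'not-listed' (the article names no
    fixed build for that release and edition) or 'unparseable'.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    edition = "fips" if edition.lower() in ("fips", "ndcpp") else "standard"
    fixed = FIXED_BUILDS.get((release, edition))
    if fixed is None:
        return "not-listed"
    # Compare as integer tuples: 47.9 is older than 47.48, which a string
    # or float comparison would get wrong.
    return "patched" if build >= fixed else "needs-update"


def audit(inventory):
    """Map each host in (host, version, edition) rows to its patch status."""
    return {host: patch_status(ver, ed) for host, ver, ed in inventory}


# Constructed inventory: hostnames and builds are hypothetical sample data.
INVENTORY = [
    ("adc-edge-01", "14.1-47.48", "standard"),
    ("adc-edge-02", "14.1-47.9", "standard"),
    ("adc-fips-01", "13.1-37.241", "fips"),
    ("adc-old-01", "12.1-65.25", "standard"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

A `needs-update` result only says the build predates the listed fix; whether a given CVE is reachable still depends on the configuration prerequisites listed earlier.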

Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli for discovering and reporting the vulnerabilities.

CVE-2025-7775 is the latest NetScaler ADC and Gateway vulnerability to be weaponized in real-world attacks in a short span of time, after CVE-2025-5777 (aka Citrix Bleed 2) and CVE-2025-6543.

The disclosure also comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting Citrix Session Recording (CVE-2024-8068 and CVE-2024-8069) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

CISA Adds CVE-2025-7775 to KEV Catalog

CISA, on August 26, 2025, added CVE-2025-7775 to the KEV catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw within the next 48 hours (i.e., August 28).

“Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or Denial-of-Service,” the agency said.
