⚠ Actively exploited
Added to CISA KEV on 2025-08-26. Federal agencies required to patch by 2025-08-28. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-7775 — Improper Restriction of Operations within the Bounds of a Memory Buffer in ADC
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
37 documents, 10 sources
Severity
9.2 CRITICAL (NVD)
EPSS
6.6%
top 8.83%
CISA KEV
KEV
Added 2025-08-26
Due 2025-08-28
Exploit
No known exploits
Affected products
Timeline
Published: Aug 26
KEV added: Aug 26
KEV due: Aug 28
Latest update: Mar 28
Description
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and…
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected Packages: 11 packages