cbcvebase.
CVE-2025-7775
published 2025-08-26

CVE-2025-7775: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as…

PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-08-28
Exploited in the wild
EPSS
18.97%
96.9th percentile
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Affected

21 ranges
VendorProductVersion rangeFixed in
citrixcitrix_adm
citrixcitrix_hypervisor
citrixcitrix_virtual_apps_and_desktops
citrixendpoint_management
citrixnetscaler_adc
citrixnetscaler_application_delivery_controller>= 12.1 < 12.1-55.33012.1-55.330
citrixnetscaler_application_delivery_controller>= 13.1 < 13.1-37.24113.1-37.241
citrixnetscaler_application_delivery_controller>= 13.1 < 13.1-59.2213.1-59.22
citrixnetscaler_application_delivery_controller>= 14.1 < 14.1-47.4814.1-47.48
citrixnetscaler_gateway
citrixnetscaler_gateway>= 13.1 < 13.1-59.2213.1-59.22
citrixnetscaler_gateway>= 14.1 < 14.1-47.4814.1-47.48
citrixxenserver
netscaleradc>= 12.1 FIPS and NDcPP < 55.33055.330
netscaleradc>= 13.1 < 59.2259.22
netscaleradc>= 13.1 FIPS and NDcPP < 37.24137.241
netscaleradc>= 14.1 < 47.4847.48
netscalergateway>= 12.1 FIPS and NDcPP < 55.33055.330
netscalergateway>= 13.1 < 59.2259.22
netscalergateway>= 13.1 FIPS and NDcPP < 37.24137.241
netscalergateway>= 14.1 < 47.4847.48

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-7775 affects NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server — focus detection on these configurations
  • CVE-2025-7775 has been confirmed exploited in the wild against Citrix NetScaler ADC and NetScaler Gateway — treat unpatched instances as actively targeted
  • ·Vulnerability also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services or servicegroups — ensure these configurations are included in scope for detection and patching
  • ·Vulnerability also affects LB virtual servers bound with DBS IPv6 services or servicegroups — DBS IPv6 configurations must also be assessed
  • ·CR virtual server with type HDX is also a vulnerable configuration and should be included in detection scope

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck9.2CRITICAL
cisa9.2CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.