CVE-2025-7776
Published: 2025-08-26
Priority: P2 · 65 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.66% (93.0th percentile)
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.330 | 12.1-55.330 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.241 | 13.1-37.241 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-59.22 | 13.1-59.22 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-47.48 | 14.1-47.48 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 13.1 < 13.1-59.22 | 13.1-59.22 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-47.48 | 14.1-47.48 |
| citrix | xenserver | — | — |
| netscaler | adc | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | adc | >= 13.1 < 59.22 | 59.22 |
| netscaler | adc | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | adc | >= 14.1 < 47.48 | 47.48 |
| netscaler | gateway | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | gateway | >= 13.1 < 59.22 | 59.22 |
| netscaler | gateway | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | gateway | >= 14.1 < 47.48 | 47.48 |
Detection & IOCs
Extracted from sources.
- CVE-2025-7776 only affects NetScaler when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it; scope detection and patching checks to this specific configuration.
- Vulnerable versions for CVE-2025-7776: NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241, and 12.1-FIPS/NDcPP before 12.1-55.330. Use version fingerprinting to identify unpatched appliances.
- CVE-2025-7776 is only exploitable when a PCoIP Profile is bound to a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) virtual server; appliances not using this configuration are not affected.
- No mitigations or workarounds are available for CVE-2025-7776; patching to a fixed firmware version is the only remediation path.
- NetScaler versions 12.1 and 13.0 (non-FIPS/NDcPP) are also vulnerable to this class of bugs but have reached End of Life; no patches will be issued for those branches.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Citrix
Citrix Security Bulletin CTX694938
vendor_citrix·CVSS 5.9
CVE-2025-12101 [MEDIUM] Citrix Security Bulletin CTX694938
CVE References: CVE-2025-12101, CVE-2025-62626, CVE-2025-7775, CVE-2025-7776, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-rppg-589c-3659: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScal
ghsa_unreviewed·2025-08-26
CVE-2025-7776 [HIGH] CWE-119 GHSA-rppg-589c-3659: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScal
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it.
No detection rules found.
No public exploits indexed.
Checkpoint
1st September – Threat Intelligence Report
blogs_checkpoint·2025-09-01
CVE-2025-55177 1st September – Threat Intelligence Report
## 1st September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data includes names, billing addresses, phone numbers, email addresses, dates of birth, unredacted Social Secur
Bleepingcomputer
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
blogs_bleepingcomputer·2025-08-27·CVSS 9.2
CVE-2025-7775 [CRITICAL] Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Bill Toulas
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.
The vulnerability affects NetScaler ADC and NetScaler Gateway and the vendor addressed it in updates released yesterday.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security issue has been exploited as a zero-day vulnerability.
The versions affected by CVE-2025-7775 are 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241-FIPS/NDcPP, and 12.1-FIPS/NDcPP up to 12.1-55.330-FIPS/NDcPP.
Citrix does not provide any mitigations or workarounds and urges admins to upg
Bleepingcomputer
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
blogs_bleepingcomputer·2025-08-26·CVSS 9.2
CVE-2025-7775 [CRITICAL] Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Lawrence Abrams
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.
The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices.
In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices.
"As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the
Tenable
CVE-2025-7775 Citrix RCE Zero-day
blogs_tenable·2025-08-26·CVSS 9.2
[CRITICAL] CVE-2025-7775 Citrix RCE Zero-day
Greynoiseio
NoiseLetter August 2025
blogs_greynoiseio
NoiseLetter August 2025
Recorded Future
August 2025 CVE Landscape
blogs_recorded_future·CVSS 8.8
[HIGH] August 2025 CVE Landscape
# August 2025 CVE Landscape
In August 2025, Recorded Future’s Insikt Group® identified eighteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the 22 identified in July.
However, the number of Very Critical vulnerabilities has remained the same (16) compared to July. These vulnerabilities have affected the following vendors: Trend Micro, WinRAR, N-able, Cisco, Apple, Citrix, FreePBX, Git, Microsoft, D-Link, and Fortinet.
August was dominated by Citrix and D-Link flaws, which represented six of the eighteen vulnerabilities. Threat actors actively exploited Citrix NetScaler ADC, NetScaler Gateway, and Citrix Session Recording products, as well as D-Link DNR-322L and DCS-2530L routers.
Recorded Future Insikt Group’s CVE Findings fro
Wiz
CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-3055 [CRITICAL] CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3055: Citrix ADC VPX vulnerability analysis and mitigation
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread (Source: NVD)

| Field | Value |
|---|---|
| Score | 9.3 |
| Published | March 23, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.3 |
| High-profile Vulnerability | Yes |
| Affected Technologies | Citrix ADC VPX, Citrix ADC CPX |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | Yes |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 97.5 |
| Exploitation Probability (EPSS) | 44.3 |
| Affected packages and libraries | cpe:2.3:a:citrix:netscaler_application_delivery_controller |
| Sources | Linux; Severity CRITICAL; Has Fix; Added at: Mar 24, 2026 |
Wiz
CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-4368 [CRITICAL] CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4368: Citrix ADC VPX vulnerability analysis and mitigation
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup (Source: NVD)

| Field | Value |
|---|---|
| Score | 7.7 |
| Published | March 23, 2026 |
| Severity | HIGH |
| CNA Score | 7.7 |
| Affected Technologies | Citrix ADC VPX, Citrix ADC CPX |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 4.2 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cpe:2.3:a:citrix:netscaler_application_delivery_controller |
| Sources | Linux; Severity HIGH; Has Fix; Added at: Mar 24, 2026 |
2025-08-26
Published