CVE-2025-7776
published 2025-08-26

CVE-2025-7776: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is…

Priority: P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.66% (93.0th percentile)
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

Affected (21 ranges)
Vendor    | Product                                    | Version range                        | Fixed in
----------|--------------------------------------------|--------------------------------------|-------------
citrix    | citrix_adm                                 |                                      |
citrix    | citrix_hypervisor                          |                                      |
citrix    | citrix_virtual_apps_and_desktops           |                                      |
citrix    | endpoint_management                        |                                      |
citrix    | netscaler_adc                              |                                      |
citrix    | netscaler_application_delivery_controller  | >= 12.1 < 12.1-55.330                | 12.1-55.330
citrix    | netscaler_application_delivery_controller  | >= 13.1 < 13.1-37.241                | 13.1-37.241
citrix    | netscaler_application_delivery_controller  | >= 13.1 < 13.1-59.22                 | 13.1-59.22
citrix    | netscaler_application_delivery_controller  | >= 14.1 < 14.1-47.48                 | 14.1-47.48
citrix    | netscaler_gateway                          |                                      |
citrix    | netscaler_gateway                          | >= 13.1 < 13.1-59.22                 | 13.1-59.22
citrix    | netscaler_gateway                          | >= 14.1 < 14.1-47.48                 | 14.1-47.48
citrix    | xenserver                                  |                                      |
netscaler | adc                                        | >= 12.1 FIPS and NDcPP < 55.330      | 55.330
netscaler | adc                                        | >= 13.1 < 59.22                      | 59.22
netscaler | adc                                        | >= 13.1 FIPS and NDcPP < 37.241      | 37.241
netscaler | adc                                        | >= 14.1 < 47.48                      | 47.48
netscaler | gateway                                    | >= 12.1 FIPS and NDcPP < 55.330      | 55.330
netscaler | gateway                                    | >= 13.1 < 59.22                      | 59.22
netscaler | gateway                                    | >= 13.1 FIPS and NDcPP < 37.241      | 37.241
netscaler | gateway                                    | >= 14.1 < 47.48                      | 47.48

Detection & IOCs

  • CVE-2025-7776 only affects NetScaler when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bounded to it — scope detection/patching checks to this specific configuration
  • Vulnerable versions for CVE-2025-7776: NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241, and 12.1-FIPS/NDcPP before 12.1-55.330 — use version fingerprinting to identify unpatched appliances
  • CVE-2025-7776 is only exploitable when a PCoIP Profile is bound to a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) virtual server — appliances not using this configuration are not affected
  • No mitigations or workarounds are available for CVE-2025-7776; patching to a fixed firmware version is the only remediation path
  • NetScaler versions 12.1 and 13.0 (non-FIPS/NDcPP) are also vulnerable to this class of bugs but have reached End of Life — no patches will be issued for those branches

CVSS provenance

Source: NVD · CVSS v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD · CVSS v4.0 · 8.8 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X