CVE-2025-7776 — Improper Restriction of Operations within the Bounds of a Memory Buffer in ADC

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 54.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netscaler ADC Netscaler Gateway Citrix Netscaler Application Delivery Controller +7 more

Timeline

PublishedAug 26

Latest updateAug 27

Description

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

Affected Packages11 packages

▶CVEListV5netscaler/gateway14.1 — 47.48+3

▶NVDcitrix/netscaler_gateway13.1 — 13.1-59.22+1

▶citrixcitrix/netscaler_gateway

▶CVEListV5netscaler/adc14.1 — 47.48+3

▶NVDcitrix/netscaler_application_delivery_controller12.1 — 12.1-55.330+3

🔴Vulnerability Details

GHSA

GHSA-rppg-589c-3659: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScal↗2025-08-26

▶

📋Vendor Advisories

Citrix

Citrix Security Bulletin CTX694938↗

▶

🕵️Threat Intelligence

Bleepingcomputer

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw↗2025-08-27

▶

Bleepingcomputer

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks↗2025-08-26

▶

Tenable

CVE-2025-7775 Citrix RCE Zero-day↗2025-08-26

▶

Greynoiseio

NoiseLetter August 2025↗

▶

Recorded Future

August 2025 CVE Landscape↗

▶