- 192/2025
- Critical
Citrix has released a security update to address several vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial-of-service attacks, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. NetScaler ADC and NetScaler Gateway Remote Code Execution Vulnerability (CVE-2025-7775):
- CVSS 4.0: 9.2
- Attack Vector: Network
- Attack Complexity: High
- Attack Requirements: Present
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Citrix NetScaler Gateway Memory Overflow Vulnerability (CVE-2025-7776):
- CVSS 4.0: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Affected versions:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48.
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22.
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP.
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP.
It should be highlighted that Citrix is aware that the vulnerability “CVE-2025-7775” is being exploited in the wild.
Vulnerabilities
- CVE-2025-7775
- CVE-2025-7776
- CVE-2025-8424
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.