Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000017
Citrix's NetScaler ADC (formerly Citrix ADC) is a network appliance designed to optimize, secure, and manage enterprise applications and cloud services. NetScaler Gateway (formerly Citrix Gateway) provides a secure remote access solution, allowing users to safely access applications and data from any location.
Citrix has released a security advisory for two major vulnerabilities: CVE-2025-7775 (CVSS 4.x: 9.2) and CVE-2025-7776 (CVSS 4.x: 8.8). CVE-2025-7775 is a memory overflow vulnerability that can lead to remote code execution or denial of service (DoS). CVE-2025-7776 is a memory overflow vulnerability that can lead to unpredictable or erroneous behavior and DoS. CVE-2025-7775 has already been observed being exploited by attackers. It is recommended to take temporary mitigation measures as soon as possible to prevent potential attacks targeting this vulnerability.
Note: The affected NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are End of Life (EoL) products. Citrix recommends upgrading to a supported version.