Posted Date: 2025/09/02

[Vulnerability Alert] Two major security vulnerabilities exist in Citrix's NetScaler ADC and NetScaler Gateway (CVE-2025-7775 and CVE-2025-7776)

  • Subject: [Vulnerability Alert] Two major security vulnerabilities exist in Citrix's NetScaler ADC and NetScaler Gateway (CVE-2025-7775 and CVE-2025-7776)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000017
    • Citrix's NetScaler ADC (formerly Citrix ADC) is a network appliance designed to optimize, secure, and manage enterprise applications and cloud services. NetScaler Gateway (formerly Citrix Gateway) provides a secure remote access solution, allowing users to safely access applications and data from any location.
    • Citrix has released a security advisory for two major vulnerabilities: CVE-2025-7775 (CVSS 4.x: 9.2) and CVE-2025-7776 (CVSS 4.x: 8.8). CVE-2025-7775 is a memory overflow vulnerability that can lead to remote code execution or a denial-of-service (DoS) attack. CVE-2025-7776 is a memory overflow vulnerability that can lead to unpredictable or erroneous behavior and a DoS attack. In addition, CVE-2025-7775 has already been observed being exploited by attackers. It is recommended to take temporary mitigation measures as soon as possible to prevent potential attacks targeting this vulnerability.
    • Note: The affected products NetScaler ADC and NetScaler Gateway 12.1 and 13.0 are EoL (End of Life) products. Citrix recommends upgrading to a supported version.
  • Affected Platforms:
    • NetScaler ADC and NetScaler Gateway before version 14.1-47.48 (exclusive).
    • NetScaler ADC and NetScaler Gateway before version 13.1-59.22 (exclusive).
    • NetScaler ADC 13.1-FIPS and NDcPP before version 13.1-37.241-FIPS and NDcPP (exclusive).
    • NetScaler ADC 12.1-FIPS and NDcPP before version 12.1-55.330-FIPS and NDcPP (exclusive).
  • Recommended Measures:
    • Please update to the following versions:
    • NetScaler ADC and NetScaler Gateway version 14.1-47.48 or later.
    • NetScaler ADC and NetScaler Gateway version 13.1-59.22 or later.
    • NetScaler ADC 13.1-FIPS and NDcPP version 13.1-37.241-FIPS and NDcPP or later.
    • NetScaler ADC 12.1-FIPS and NDcPP version 12.1-55.330-FIPS and NDcPP or later.
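
The following triage script is an added example, not part of the original alert or of any Citrix tooling. It classifies an appliance inventory against the fixed versions listed above. The hostnames, sample builds and the `-FIPS`/`-NDcPP` suffix convention for inventory strings are assumptions made for the example.

```python
import re

# First fixed build per (release line, edition), copied from the alert above.
FIXED = {
    ("14.1", "std"): (47, 48),
    ("13.1", "std"): (59, 22),
    ("13.1", "fips"): (37, 241),
    ("12.1", "fips"): (55, 330),
}
# Release lines the alert lists as End of Life (non-FIPS 12.1 and 13.0).
EOL = {("12.1", "std"), ("13.0", "std")}

# Assumed inventory notation: "<release>-<build>" with an optional edition suffix.
_VERSION = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.I)

def classify(version: str) -> str:
    """Return 'patched', 'vulnerable', 'eol' or 'unknown' for one version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    release, major, minor, suffix = m.groups()
    edition = "fips" if suffix else "std"
    if (release, edition) in EOL:
        return "eol"
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unknown"  # release line not covered by this alert
    # Compare builds numerically; string comparison would mis-order 9 and 10.
    return "patched" if (int(major), int(minor)) >= fixed else "vulnerable"

def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status so vulnerable and EoL appliances come first."""
    result = {"vulnerable": [], "eol": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

# Constructed inventory: hostnames and builds are made up for the example.
SAMPLE = {
    "adc-edge-01": "14.1-43.56",
    "adc-edge-02": "14.1-47.48",
    "gw-branch-01": "13.1-37.250",       # standard 13.1: fixed build is 59.22
    "adc-fips-01": "13.1-37.250-FIPS",   # FIPS 13.1: fixed build is 37.241
    "gw-legacy-01": "13.0-92.21",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

The same build number can be patched on the FIPS/NDcPP line and vulnerable on the standard 13.1 line, so the edition must be recorded in the inventory for the result to be meaningful.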

Computer and Communications Center
Network Systems Group