CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack
NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly urges immediate installation, as exploits for CVE-2025-7775 have been observed targeting unpatched devices.
The flaws include a memory overflow that can lead to remote code execution or denial of service, a second memory corruption issue causing service crashes and unpredictable behavior, and an access control weakness in the management interface. These defects affect both standard releases and FIPS/NDcPP-compliant builds. While patches have already been deployed to vendor-managed cloud services, customer-managed installations require manual upgrades.
The impacted versions include NetScaler ADC and Gateway 14.1 prior to 14.1-47.48, 13.1 prior to 13.1-59.22, as well as NetScaler ADC 13.1-FIPS/NDcPP prior to 13.1-37.241 and 12.1-FIPS/NDcPP prior to 12.1-55.330. Citrix also highlights that branches 12.1 and 13.0 have reached end of support and must be migrated to supported versions. Updates are being released not only for standard gateways, but also for Secure Private Access on-premises deployments and hybrid scenarios using NetScaler instances.
| CVE-ID | Description | Pre-conditions | CVSSv4 |
|---|---|---|---|
| CVE-2025-7775 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service | NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX | CVSS v4.0 Base Score: 9.2 |
| CVE-2025-7776 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service | NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it | CVSS v4.0 Base Score: 8.8 |
| CVE-2025-8424 | Improper access control on the NetScaler Management Interface | Access to NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | CVSS v4.0 Base Score: 8.7 |
Recommended Fixed Builds
- NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
There are no available workarounds. Fixes for Citrix-managed cloud services and Adaptive Authentication environments have already been applied.
Administrators are advised to review their deployments for the configuration indicators listed in the bulletin to determine exposure. Citrix has issued notifications via the NetScaler support portal, and the vulnerabilities have also been confirmed in industry advisories and vulnerability databases.
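As an added illustration (not code from the advisory or from Citrix), the following Python checks a `show ns version` banner against the fixed builds listed above and scans an ns.conf excerpt for the CVE-2025-7775 preconditions. The ns.conf line layouts, the constructed sample configuration and the restriction to services added with a literal IPv6 address (servicegroup and DBS cases are not covered) are assumptions of this example.

```python
import re

# Minimum fixed builds for the standard branches, from the advisory: branch -> (build, sub-build).
# FIPS/NDcPP branches are not mapped here because their version banner differs (assumption).
FIXED_BUILDS = {"14.1": (47, 48), "13.1": (59, 22)}

def parse_banner(banner):
    """Extract (branch, (build, sub_build)) from a 'show ns version' banner line."""
    m = re.search(r"NS(\d+\.\d+): Build (\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised NetScaler version banner")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def is_patched(banner):
    """True only when the running build is at or above its branch's fixed build."""
    branch, build = parse_banner(banner)
    fixed = FIXED_BUILDS.get(branch)   # unmapped branches (12.1, 13.0) are end of support: never patched
    return fixed is not None and build >= fixed

def exposed_vservers(ns_conf):
    """Names of vservers whose configuration matches a CVE-2025-7775 precondition."""
    ipv6_services, lb_types, exposed = set(), {}, set()
    for tok in (ln.split() for ln in ns_conf.splitlines()):
        if len(tok) < 5:
            continue
        if tok[:2] == ["add", "service"] and ":" in tok[3]:       # service with a literal IPv6 address
            ipv6_services.add(tok[2])
        elif tok[:3] in (["add", "vpn", "vserver"], ["add", "authentication", "vserver"]):
            exposed.add(tok[3])                                   # any Gateway or AAA vserver qualifies
        elif tok[:3] == ["add", "cr", "vserver"] and tok[4] == "HDX":
            exposed.add(tok[3])
        elif tok[:3] == ["add", "lb", "vserver"] and tok[4] in {"HTTP", "SSL", "HTTP_QUIC"}:
            lb_types[tok[3]] = tok[4]
        # ns.conf emits 'add' lines before 'bind' lines, so the objects above are already known here
        elif tok[:3] == ["bind", "lb", "vserver"] and tok[3] in lb_types and tok[4] in ipv6_services:
            exposed.add(tok[3])
    return sorted(exposed)

# Constructed sample ns.conf excerpt (not from any real device).
SAMPLE_NS_CONF = """\
add vpn vserver gw_vs SSL 203.0.113.10 443
add lb vserver web_v6 HTTP 203.0.113.20 80
add lb vserver web_v4 HTTP 203.0.113.21 80
add service app_v6 2001:db8::10 HTTP 80
add service app_v4 198.51.100.10 HTTP 80
bind lb vserver web_v6 app_v6
bind lb vserver web_v4 app_v4
add cr vserver cr_hdx HDX 203.0.113.30 1494
"""
```

A device that is both unpatched and lists at least one exposed vserver should be treated as in scope for the actively exploited flaw.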