3 Vulnerabilities in NetScaler. One is a 0-Day. Updates are Mandatory.

One exploit could bring down the entire infrastructure if the NetScaler update is ignored.

NetScaler has warned administrators about three new vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which is already being exploited in attacks. Updates are available, and the manufacturer strongly urges they be installed immediately—exploits for CVE-2025-7775 have been observed on unpatched devices.
The vulnerabilities include a memory overflow with risks of remote code execution and denial of service, a second similar error leading to service crashes and unpredictable behavior, and an access control issue on the management interface. The defects affect both standard releases and the corresponding FIPS/NDcPP builds. Updates have already been deployed for manufacturer-managed cloud services, but customer installations require a manual upgrade.
Affected supported branches: NetScaler ADC and Gateway 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, as well as NetScaler ADC 13.1-FIPS/NDcPP before 13.1-37.241 and 12.1-FIPS/NDcPP before 12.1-55.330. The vendor separately noted that branches 12.1 and 13.0 are end-of-life and should be migrated to current supported lines. Updates are being released for both standard gateways and for on-prem Secure Private Access deployments and hybrid scenarios where NetScaler instances are used.
Vulnerabilities in NetScaler ADC and NetScaler Gateway
| CVE-ID | Description | Prerequisites | CWE | CVSS v4.0 |
|---|---|---|---|---|
| CVE-2025-7775 | Memory overflow leading to remote code execution and/or denial of service | NetScaler configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server OR NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type HTTP, SSL, or HTTP_QUIC, bound to IPv6 services or to service groups that include IPv6 servers OR NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type HTTP, SSL, or HTTP_QUIC, bound to IPv6 DBS services or to groups that include IPv6 DBS servers OR CR virtual server of type HDX | CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer | Base Score: 9.2 |
| CVE-2025-7776 | Memory overflow leading to unpredictable or erroneous behavior and denial of service | NetScaler configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a bound PCoIP profile | CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer | Base Score: 8.8 |
| CVE-2025-8424 | Improper access control on the NetScaler management interface | Access to NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access enabled | CWE-284 - Improper Access Control | Base Score: 8.7 |
Fixed builds are:
- 14.1-47.48 and newer for the 14.1 line;
- 13.1-59.22 and newer for 13.1;
- 13.1-37.241 and newer for 13.1-FIPS/NDcPP;
- 12.1-55.330 and newer for 12.1-FIPS/NDcPP.
To assess their own installation, administrators can check their configuration for specific strings mentioned in the bulletin. Citrix has notified customers and partners through the NetScaler support site. The issues have also been confirmed in industry advisories and vulnerability databases.
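As an added illustration of that self-assessment (not code from the bulletin or from Citrix), the script below compares a version string against the fixed builds listed above and scans a running-config export for the prerequisite conditions in the table. The ns.conf command forms, the sample config, and the exposure labels are assumptions; the PCoIP-profile prerequisite for CVE-2025-7776 is not checked because the page does not give its configuration syntax.

```python
import re
from ipaddress import ip_address

# Fixed builds from the bulletin, keyed by line: (build, sub-build).
FIXED_BUILDS = {"14.1": (47, 48), "13.1": (59, 22),
                "13.1-FIPS": (37, 241), "12.1-FIPS": (55, 330)}

# Constructed sample in ns.conf style (not from a real device).
SAMPLE_CONF = """\
add ns ip 10.0.0.5 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add service web6 2001:db8::10 HTTP 80
add lb vserver lb_web HTTP 203.0.113.12 80
bind lb vserver lb_web web6
add cr vserver cr_hdx HDX 203.0.113.13 443
"""

def is_patched(line, version):
    """True if a version string such as '14.1-47.48' meets the fixed build for its line."""
    m = re.fullmatch(r"\d+\.\d+-(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised NetScaler version: %r" % version)
    return (int(m[1]), int(m[2])) >= FIXED_BUILDS[line]

def exposures(conf):
    """Return the set of bulletin prerequisites present in a running config."""
    found, ipv6_services, lb_type = set(), set(), {}
    for raw in conf.splitlines():
        tok = raw.split()
        if tok[:3] == ["add", "vpn", "vserver"]:
            found.add("gateway")            # Gateway: CVE-2025-7775 / CVE-2025-7776
        elif tok[:3] == ["add", "authentication", "vserver"]:
            found.add("aaa")                # AAA vserver: CVE-2025-7775
        elif tok[:2] == ["add", "service"] and len(tok) > 3:
            try:                            # remember services that point at IPv6 hosts
                if ip_address(tok[3]).version == 6:
                    ipv6_services.add(tok[2])
            except ValueError:
                pass                        # server-name based service, not an IP literal
        elif tok[:3] == ["add", "lb", "vserver"] and len(tok) > 4:
            lb_type[tok[3]] = tok[4]
        elif tok[:3] == ["bind", "lb", "vserver"] and len(tok) > 4:
            if lb_type.get(tok[3]) in {"HTTP", "SSL", "HTTP_QUIC"} and tok[4] in ipv6_services:
                found.add("lb_ipv6")        # LB vserver bound to IPv6 service: CVE-2025-7775
        elif tok[:3] == ["add", "cr", "vserver"] and len(tok) > 4 and tok[4] == "HDX":
            found.add("cr_hdx")             # CR vserver of type HDX: CVE-2025-7775
        elif tok[:3] == ["add", "ns", "ip"] and re.search(r"-mgmtAccess\s+ENABLED", raw):
            found.add("mgmt_access")        # management access on SNIP: CVE-2025-8424
    return found
```

Run `exposures(open("ns.conf").read())` against a `show running config` export; an empty set means none of the table's prerequisites were matched, but the version check still applies.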