Citrix has launched fixes to deal with three safety flaws in NetScaler ADC and NetScaler Gateway, together with one which it stated has been actively exploited within the wild.
The vulnerabilities in query are listed under –
- CVE-2025-7775 (CVSS rating: 9.2) – Reminiscence overflow vulnerability resulting in Distant Code Execution and/or Denial-of-Service
- CVE-2025-7776 (CVSS rating: 8.8) – Reminiscence overflow vulnerability resulting in unpredictable or inaccurate conduct and Denial-of-Service
- CVE-2025-8424 (CVSS rating: 8.7) – Improper entry management on the NetScaler Administration Interface
The corporate acknowledged that “exploits of CVE-2025-7775 on unmitigated home equipment have been noticed,” however stopped in need of sharing extra particulars.
Nonetheless, for the issues to be exploited, there are a selection of conditions –
- CVE-2025-7775 – NetScaler should be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or AAA digital server; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) certain with IPv6 providers or servicegroups certain with IPv6 servers; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) certain with DBS IPv6 providers or servicegroups certain with IPv6 DBS servers; or CR digital server with sort HDX
- CVE-2025-7776 – NetScaler should be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
- CVE-2025-8424 – Entry to NSIP, Cluster Administration IP or native GSLB Web site IP or SNIP with Administration Entry
The problems have been resolved within the following variations, with no accessible workarounds –
- NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli for locating and reporting the vulnerabilities.
CVE-2025-7775 is the newest NetScaler ADC and Gateway vulnerability to be weaponized in real-world assaults in a brief span of time, after CVE-2025-5777 (aka Citrix Bleed 2) and CVE-2025-6543.
The disclosure additionally comes a day after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added two safety flaws impacting Citrix Session Recording (CVE-2024-8068 and CVE-2024-8069) to its Recognized Exploited Vulnerabilities (KEV) catalog, primarily based on proof of lively exploitation.
