Overview
CVE: CVE-2025-7775
Severity: Critical
Score: CVSS 9.2
Date: 28 August 2025
Citrix has released a critical advisory for a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway, identified as CVE-2025-7775. The flaw, caused by improper bounds checking (CWE-119), allows attackers to trigger memory corruption, potentially leading to remote code execution or denial of service. Exploitation is confirmed in the wild. Cloud-managed Citrix services are not affected.
Affected Versions
The following versions are impacted and require immediate patching:
- NetScaler ADC and Gateway 14.1 — prior to 14.1-47.48
- NetScaler ADC and Gateway 13.1 — prior to 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP — prior to 13.1-37.241
- NetScaler ADC 12.1-FIPS and NDcPP — prior to 12.1-55.330
- NetScaler ADC and Gateway 12.1 / 13.0 — End of Life (no patches provided; upgrade mandatory)
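To turn the version list above into a repeatable check, the following Python is an added example (it is not from the Citrix bulletin or this advisory). It parses the build reported by `show ns version` and compares it with the fixed builds listed for each release line. The assumed shape of the version line is `NetScaler NS14.1: Build 47.46.nc, Date: ...`; the sample string is constructed, and whether the appliance is a FIPS/NDcPP build is supplied by the caller, because that is not derived here from the version line.

```python
import re

# Minimum fixed builds from the advisory, keyed by (release line, FIPS/NDcPP build).
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Release lines with no fix available; the only remedy is an upgrade.
END_OF_LIFE = {"12.1", "13.0"}

# Assumed shape of the `show ns version` line, e.g.
#   NetScaler NS14.1: Build 47.46.nc, Date: Jun 3 2025, 12:42:27   (64-bit)
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_ns_version(text):
    """Return (release line, (major build, minor build)) from `show ns version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no NetScaler version string found")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(release, build, fips_ndcpp=False):
    """Classify a release/build pair as patched, vulnerable, end-of-life or unknown."""
    if release in END_OF_LIFE and not fips_ndcpp:
        return "end-of-life"
    fixed = FIXED_BUILDS.get((release, fips_ndcpp))
    if fixed is None:
        return "unknown"
    # Builds compare as (major, minor) tuples: 47.46 < 47.48 < 48.10.
    return "patched" if build >= fixed else "vulnerable"


def assess_version_output(text, fips_ndcpp=False):
    """Convenience wrapper: parse the CLI output and classify it in one call."""
    release, build = parse_ns_version(text)
    return assess(release, build, fips_ndcpp)


if __name__ == "__main__":
    # Constructed sample output, not taken from a real appliance.
    sample = "NetScaler NS14.1: Build 47.46.nc, Date: Jun 3 2025, 12:42:27   (64-bit)"
    print(assess_version_output(sample))  # vulnerable
```

The build is compared as a (major, minor) tuple rather than as a float, so that 47.48 correctly sorts above 47.46 and below 48.10; a 12.1 or 13.0 appliance that is not a FIPS/NDcPP build is reported as end-of-life regardless of build number.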
Vulnerability Breakdown
CVE-2025-7775 — Memory Overflow Vulnerability
- Type: Memory overflow due to improper bounds checking
- Severity: Critical
- CVSS Score: 9.2
- Impact: Remote code execution or service disruption
Exploitation Conditions:
The vulnerability is exploitable when the NetScaler appliance is configured with any of the following:
- Gateway services: VPN virtual server, ICA Proxy, CVPN, or RDP Proxy
- AAA virtual servers
- Load Balancing (LB) virtual servers of type HTTP, SSL, or HTTP_QUIC with IPv6 services or DBS IPv6 servers
- Content Rewrite (CR) virtual servers of type HDX
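The conditions above describe configuration, so an exported ns.conf can be scanned for them before an appliance is prioritised for patching. The Python below is an added example, not code from Citrix or this advisory. It recognises the standard `add vpn vserver`, `add authentication vserver`, `add cr vserver`, `add lb vserver`, `add service`, `bind serviceGroup` and `bind lb vserver` command forms; the `-IPv6Address YES` parameter on `add server`, used to identify DBS IPv6 servers, is an assumption, and the embedded ns.conf snippet is constructed for the example.

```python
import ipaddress

# LB virtual server types called out by the advisory when paired with IPv6 back ends.
LB_RISK_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}


def _is_ipv6(token):
    """True when the token parses as an IPv6 literal (service names and hostnames do not)."""
    try:
        return ipaddress.ip_address(token).version == 6
    except ValueError:
        return False


def find_exposed_vservers(config_text):
    """Return (category, vserver name, detail) tuples for each exploitation condition found."""
    findings = []
    lb_vservers = {}         # lb vserver name -> service type
    services = {}            # service name -> IP address or server name
    servicegroup_v6 = set()  # service groups with at least one IPv6 member
    dbs_ipv6_servers = set() # domain-based servers flagged as IPv6 (assumed parameter)
    lb_binds = []            # (lb vserver name, bound service or service group)

    for raw in config_text.splitlines():
        t = raw.split()
        if len(t) < 3:
            continue
        cmd = tuple(x.lower() for x in t[:3])
        if cmd == ("add", "vpn", "vserver"):
            findings.append(("gateway", t[3], "VPN virtual server (Gateway)"))
        elif cmd == ("add", "authentication", "vserver"):
            findings.append(("aaa", t[3], "AAA virtual server"))
        elif cmd == ("add", "cr", "vserver") and len(t) > 4 and t[4].upper() == "HDX":
            findings.append(("cr-hdx", t[3], "CR virtual server of type HDX"))
        elif cmd == ("add", "lb", "vserver") and len(t) > 4:
            lb_vservers[t[3]] = t[4].upper()
        elif cmd[:2] == ("add", "server"):
            # Assumed parameter: `-IPv6Address YES` marks a domain-based (DBS) IPv6 server.
            if "-IPv6Address" in t:
                i = t.index("-IPv6Address")
                if i + 1 < len(t) and t[i + 1].upper() == "YES":
                    dbs_ipv6_servers.add(t[2])
        elif cmd[:2] == ("add", "service") and len(t) > 3:
            services[t[2]] = t[3]
        elif cmd[:2] == ("bind", "servicegroup") and len(t) > 3 and _is_ipv6(t[3]):
            servicegroup_v6.add(t[2])
        elif cmd == ("bind", "lb", "vserver") and len(t) > 4 and not t[4].startswith("-"):
            lb_binds.append((t[3], t[4]))

    # Bindings are resolved after the full pass so command order in ns.conf does not matter.
    for lb_name, target in lb_binds:
        stype = lb_vservers.get(lb_name)
        if stype not in LB_RISK_TYPES:
            continue
        reason = None
        if target in services:
            if _is_ipv6(services[target]):
                reason = "IPv6 service"
            elif services[target] in dbs_ipv6_servers:
                reason = "DBS IPv6 server"
        elif target in servicegroup_v6:
            reason = "service group with IPv6 member"
        if reason:
            findings.append(("lb-ipv6", lb_name, f"{stype} vserver bound to {target} ({reason})"))
    return findings


# Constructed ns.conf excerpt for the example; not taken from a real appliance.
SAMPLE_NS_CONF = """\
add vpn vserver gw_vpn SSL 192.0.2.10 443
add authentication vserver aaa_vs SSL 192.0.2.11 443
add cr vserver cr_hdx HDX 192.0.2.12 443
add server srv_dbs app.internal.example -IPv6Address YES
add service svc_v4 198.51.100.20 HTTP 80
add service svc_v6 2001:db8::20 HTTP 80
add service svc_dbs srv_dbs SSL 443
add serviceGroup sg_api HTTP
bind serviceGroup sg_api 2001:db8::30 8080
add lb vserver lb_safe HTTP 192.0.2.13 80
add lb vserver lb_v6 HTTP 192.0.2.14 80
add lb vserver lb_dbs SSL 192.0.2.15 443
add lb vserver lb_sg HTTP_QUIC 192.0.2.16 443
add lb vserver lb_tcp TCP 192.0.2.17 3306
bind lb vserver lb_safe svc_v4
bind lb vserver lb_v6 svc_v6
bind lb vserver lb_dbs svc_dbs
bind lb vserver lb_sg sg_api
bind lb vserver lb_tcp svc_v6
bind lb vserver lb_v6 -policyName pol_rw -priority 100
"""

if __name__ == "__main__":
    for category, name, detail in find_exposed_vservers(SAMPLE_NS_CONF):
        print(f"{category:8} {name:10} {detail}")
```

On the sample, `lb_safe` (IPv4 service) and `lb_tcp` (TCP type) are not reported, while `lb_v6`, `lb_dbs` and `lb_sg` are, alongside the Gateway, AAA and CR-HDX virtual servers. An empty findings list only means none of the listed preconditions is present; the appliance still needs the fixed build, since no workaround exists.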
Mitigation
- Patch immediately to secure builds:
- 14.1 → 14.1-47.48 or later
- 13.1 → 13.1-59.22 or later
- 13.1-FIPS/NDcPP → 13.1-37.241 or later
- 12.1-FIPS/NDcPP → 12.1-55.330 or later
- No workarounds are available. The only mitigation is to upgrade.
- End-of-Life Warning: NetScaler ADC 12.1 and 13.0 are no longer supported. Customers must upgrade to a supported release to maintain security coverage.
Summary for IT Teams
- Products: NetScaler ADC and Gateway (13.1, 14.1, FIPS, NDcPP)
- Threat Level: Critical
- Action Required:
- Patch affected appliances immediately
- Review system roles for Gateway, AAA, LB (IPv6), and CR (HDX) configurations
- Retire or replace any systems running unsupported versions
- Monitor for unexpected crashes or remote access anomalies
Reference
Citrix Security Bulletin
Need Help?
If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.