Alerts
Critical Vulnerability in NetScaler ADC and NetScaler Gateway
27 August 2025
Citrix has released security updates addressing a critical vulnerability (CVE-2025-7775) in their Netscaler Application Delivery Controller (ADC) and Netscaler Gateway products. Users and administrators are advised to update to the latest version.
Background
Citrix has released security updates to address a critical vulnerability (CVE-2025-7775) in their Netscaler Application Delivery Controller (ADC) and Netscaler Gateway products.
Impact
CVE-2025-7775 is a memory overflow vulnerability that may allow an attacker to perform remote code execution and/or cause a denial-of-service condition.
Known exploitation
Citrix has observed exploitation of the critical vulnerability in vulnerable appliances.
Affected Versions
Versions prior to NetScaler ADC and NetScaler Gateway 14.1-47.48
Versions prior to NetScaler ADC and NetScaler Gateway 13.1-59.22
Versions prior to NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.241
Versions prior to NetScaler ADC 12.1-FIPS and NDcPP 12.1-55.330
Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerability.
Mitigation
Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.
Users and administrators with NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are strongly advised to upgrade their appliances to the latest version as they are now End Of Life (EOL) and no longer supported.
References
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
https://nvd.nist.gov/vuln/detail/CVE-2025-7775
https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html?m=1