Critical Vulnerability in NetScaler ADC and NetScaler Gateway
27 August 2025
Citrix has released security updates addressing a critical vulnerability (CVE-2025-7775) in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products. Users and administrators are advised to update to the latest version.
Background
Citrix has released security updates to address a critical vulnerability (CVE-2025-7775) in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.
Impact
CVE-2025-7775 is a memory overflow vulnerability that may allow an attacker to perform remote code execution and/or cause a denial-of-service condition.
Known exploitation
Citrix has observed exploitation of the critical vulnerability in vulnerable appliances.
Affected Versions
Versions prior to NetScaler ADC and NetScaler Gateway 14.1-47.48
Versions prior to NetScaler ADC and NetScaler Gateway 13.1-59.22
Versions prior to NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.241
Versions prior to NetScaler ADC 12.1-FIPS and NDcPP 12.1-55.330
Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerability.
Mitigation
Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.
Users and administrators with NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are strongly advised to upgrade their appliances to the latest version, as these versions are now End of Life (EOL) and no longer supported.
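To triage an appliance inventory against the fixed builds listed above, the following added example (not part of the original advisory or any Citrix tooling) classifies each version string. The banner format, the function names, the inventory entries and the operator-supplied `fips` flag are assumptions; the fixed builds and EOL branches are taken from this page.

```python
import re

# Fixed builds from the "Affected Versions" list above, keyed by (branch, is_fips).
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),   # 13.1-FIPS and NDcPP
    ("12.1", True): (55, 330),   # 12.1-FIPS and NDcPP
}
EOL_BRANCHES = {"12.1", "13.0"}  # non-FIPS branches the advisory lists as End Of Life

# Assumed banner shape: "NetScaler NS13.1: Build 58.32.nc, Date: ..."
BANNER = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
# Dashed form as written in this advisory: "13.1-59.22"
DASHED = re.compile(r"^\s*(\d+\.\d+)-(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (branch, (major_build, minor_build)) with the build as integers."""
    m = BANNER.search(text) or DASHED.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(text, fips=False):
    """Classify one appliance as 'affected', 'fixed', 'eol' or 'unknown'."""
    branch, build = parse_version(text)
    fixed = FIXED.get((branch, fips))
    if fixed is None:
        return "eol" if branch in EOL_BRANCHES and not fips else "unknown"
    # Tuple comparison is numeric: (47, 5) < (47, 48), which a string compare gets wrong.
    return "affected" if build < fixed else "fixed"


# Constructed inventory: (hostname, version string, is FIPS/NDcPP build).
INVENTORY = [
    ("adc-01", "NetScaler NS14.1: Build 47.5.nc, Date: (constructed)", False),
    ("adc-02", "14.1-47.48", False),
    ("adc-03", "13.1-37.241", True),
    ("adc-04", "13.1-37.241", False),
    ("adc-05", "13.0-90.1", False),
]

if __name__ == "__main__":
    for host, version, fips in INVENTORY:
        print(f"{host:8} {assess(version, fips):9} {version}")
```

An `unknown` result means the branch is not covered by this advisory's list and needs manual review against the vendor bulletin in the References.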
References
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
https://nvd.nist.gov/vuln/detail/CVE-2025-7775
https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html?m=1