What vulnerabilities did Citrix patch in NetScaler ADC and Gateway?

Citrix has released emergency patches for three vulnerabilities: CVE-2025-7775 (CVSS 9.2) - Memory overflow leading to RCE and DoS, CVE-2025-7776 (CVSS 8.8) - Memory overflow causing unpredictable behavior and DoS, and CVE-2025-8424 (CVSS 8.7) - Improper access control on the NetScaler Management Interface.

Which Citrix NetScaler vulnerability is being actively exploited?

CVE-2025-7775 is being actively exploited. Citrix states that 'exploits of CVE-2025-7775 on unmitigated appliances have been observed.' CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.

What NetScaler configurations are affected by CVE-2025-7775?

CVE-2025-7775 affects devices configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, as well as specific load balancer configurations with IPv6 services and CR virtual servers with HDX type.

Which NetScaler versions are vulnerable to these security flaws?

Vulnerable versions include NetScaler ADC and Gateway 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241, and NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330.

What are the patched NetScaler versions?

Patched versions include NetScaler ADC and Gateway 14.1-47.48 and later, 13.1-59.22 and later, NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.241 and later, and NetScaler ADC 12.1-FIPS and NDcPP 12.1-55.330 and later releases.

What is the highest CVSS score among the NetScaler vulnerabilities?

CVE-2025-7775 has the highest CVSS score of 9.2, making it a critical severity vulnerability that enables memory overflow leading to remote code execution and denial of service.

Advisory

Citrix patches multiple flaws in NetScaler, including one actively exploited

Q: Are there workarounds for the Citrix NetScaler vulnerabilities?

No, there are no workarounds or mitigations for these vulnerabilities (except isolating the device from the internet which defeats its purpose). Citrix strongly recommends administrators install the latest updates as soon as possible.

Q: Are older NetScaler versions still supported?

No, NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life (EOL) and no longer supported. Customers must upgrade to supported versions that address the vulnerabilities.

Q: Do these vulnerabilities affect Secure Private Access deployments?

Yes, Secure Private Access on-premises or Secure Private Access Hybrid deployments using NetScaler instances are also affected and require updates to the recommended NetScaler builds.

published: Aug. 26, 2025

Take action: If you have Citrix NetScaler ADC or Gateway appliances, time for an urgent patch. There's another flaw in NetScaler that's actively exploited. And hackers love Citrix. You can't hide it from the internet because it's a gateway, so you better start patching.

Learn More

Citrix has released emergency patches for three vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances, including a zero-day vulnerability that has been actively exploited.

Vulnerability summary

CVE-2025-7775 (CVSS score 9.2) - Memory overflow vulnerability leading to remote code execution and denial of servic). The vulnerability affects devices configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, as well as specific load balancer configurations with IPv6 services and CR virtual servers with HDX type. Citrix states that "exploits of CVE-2025-7775 on unmitigated appliances have been observed".
CVE-2025-7776 (CVSS score 8.8) - Memory overflow vulnerability leading to unpredictable behavior and denial of service. This flaw affects NetScaler devices configured as Gateway with PCoIP Profile bounded to it.
CVE-2025-8424 (CVSS score 8.7) - Improper access control vulnerability on the NetScaler Management Interface. The vulnerability requires access to NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access.

The Shadowserver Foundation warns that more than 28,200 internet accessible Citrix instances are vulnerable to CVE-2025-7775.

Vulnerable NetScaler versions:

NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

Patched versions available:

NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases
NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases
NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases

NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life (EOL) and no longer supported. Customers must upgrade to supported versions that address the vulnerabilities. Secure Private Access on-premises or Secure Private Access Hybrid deployments using NetScaler instances are also affected and require updates to the recommended NetScaler builds.

There are no workarouds or mitigations for these vulnerabilities (except isolating the device from the internet which defeats its purpose). The company strongly recommends administrators install the latest updates as soon as possible.

CISA has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, placing this vulnerability into accelerated remediation priority for federal civilian agencies under Binding Operational Directive (BOD) 22-01.

Citrix patches multiple flaws in NetScaler, including one actively exploited

Read More
Oracle E-Business Suite customers targeted in extortion email …
Fortinet reports critical command injection vulnerability in FortiSIEM
CISA Mandates Immediate Patching for Actively Exploited SolarWinds …
Organizations attacked via Windows PHP remote code execution …
Critical authentication bypass flaw in Termix Docker image …