Description

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when

NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

(OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers

(OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers

(OR) CR virtual server with type HDX

PUBLISHED Reserved 2025-07-17 | Published 2025-08-26 | Updated 2025-08-27 | Assigner Citrix




CRITICAL: 9.2 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CISA Known Exploited Vulnerability

Date added 2025-08-26 | Due date 2025-08-28

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status: unaffected

14.1 before 47.48: affected

13.1 before 59.22: affected

13.1 FIPS and NDcPP before 37.241: affected

12.1 FIPS and NDcPP before 55.330: affected

References

support.citrix.com/...search/article?articleNumber=CTX694938

cve.org (CVE-2025-7775)

nvd.nist.gov (CVE-2025-7775)
