CVE-2025-7775

CRITICAL · CISA KEV · EPSS 96.9%
9.2 CVSS 4.0 (Critical)
Published Aug 26, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Aug 26, 2025 10mo ago
KEV Due Aug 28, 2025 307d overdue

Description

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when one of the following applies:

  • NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
  • NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
  • NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
  • CR virtual server with type HDX

CVSS Details

Base Score 9.2
Vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

CISA Known Exploited (Overdue 307d)
Added Aug 26, 2025
Due Aug 28, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability 96.9% percentile

Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 8

Vendor  Product                                    Version  Range
citrix  netscaler_application_delivery_controller  *        ≥12.1 – <12.1-55.330
citrix  netscaler_application_delivery_controller  *        ≥12.1 – <12.1-55.330
citrix  netscaler_application_delivery_controller  *        ≥13.1 – <13.1-37.241
citrix  netscaler_application_delivery_controller  *        ≥13.1 – <13.1-37.241
citrix  netscaler_application_delivery_controller  *        ≥13.1 – <13.1-59.22
citrix  netscaler_application_delivery_controller  *        ≥14.1 – <14.1-47.48
citrix  netscaler_gateway                          *        ≥13.1 – <13.1-59.22
citrix  netscaler_gateway                          *        ≥14.1 – <14.1-47.48

References 2

  • support.citrix.com https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
    Vendor Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-7775
    US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.