Critical vulnerabilities in Citrix NetScaler ADC & NetScaler Gateway

Administrators of Citrix NetScaler ADC and NetScaler Gateway need to act: new critical vulnerabilities (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) have been disclosed, and Citrix writes that exploitation of one of them has already been observed in the wild.

Vulnerabilities in Citrix NetScaler ADC & Gateway

On 26 August 2025 Citrix published the security bulletin "NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424" covering critical vulnerabilities in Citrix NetScaler ADC and Citrix NetScaler Gateway. I came across the security alert via a comment by Michael Müller in the blog's discussion area (thanks) and the following tweet.

Citrix Security Advisory

Several critical security vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

  • CVE-2025-7775: CVSS 4.0 Score 9.2; Memory overflow can lead to remote code execution and/or denial of service
  • CVE-2025-7776: CVSS 4.0 Score 8.8; Memory overflow could lead to remote code execution and/or denial of service
  • CVE-2025-8424: CVSS 4.0 Score 8.8; Insufficient access control on the NetScaler management interface in NetScaler ADC and NetScaler Gateway, exploitable if an attacker can reach the appliance's NSIP address, cluster management IP address, local GSLB site IP address, or a SNIP address with administrative access.

The vulnerabilities can only be exploited in certain scenarios, which are listed in Citrix Security Bulletin CTX694938. The following Citrix products are affected by these vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

Citrix writes that exploits of the CVE-2025-7775 vulnerability have been observed on unprotected devices. Administrators responsible for updating the affected products should take urgent and prompt action to secure them. Citrix has provided the following corrected versions:

  • NetScaler ADC and NetScaler Gateway 14.1-47.48 and later versions
  • NetScaler ADC and NetScaler Gateway 13.1-59.22 and later versions of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later versions of 13.1-FIPS and 13.1-NDcPP
  • NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later versions of 12.1-FIPS and 12.1-NDcPP

NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now end of life (EOL) and no longer supported, so no fix will be provided for them. Customers are advised to update their appliances to one of the supported versions that address the security vulnerabilities. Citrix Security Bulletin CTX694938 explains how to identify vulnerable configurations.
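As an added example (not from the Citrix bulletin or this post), here is a small Python triage helper that compares NetScaler version strings in the bulletin's "release-build" notation against the fixed builds listed above and flags the EOL branches. The "-FIPS"/"-NDcPP" suffix convention and the sample inventory are assumptions made for this example.

```python
import re

# First fixed build per branch, taken from the Citrix bulletin quoted above
# (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424). Key: (release, fips_or_ndcpp).
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Non-FIPS 12.1 and 13.0 are end of life: no fixed build exists for them.
EOL_RELEASES = {"12.1", "13.0"}

# Bulletin notation such as "13.1-59.22"; an optional "-FIPS"/"-NDcPP" suffix
# marks the hardened branches (suffix convention assumed for this example).
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")


def parse_version(text):
    """Return (release, (build_major, build_minor), is_fips_or_ndcpp)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    release, major, minor, flavour = m.groups()
    return release, (int(major), int(minor)), flavour is not None


def assess(text):
    """Classify one version as 'patched', 'vulnerable', 'eol' or 'unknown-release'."""
    release, build, hardened = parse_version(text)
    fixed = FIXED_BUILDS.get((release, hardened))
    if fixed is None:
        # EOL branches never get a fix; anything else needs a manual look.
        return "eol" if release in EOL_RELEASES and not hardened else "unknown-release"
    # Tuple comparison handles a build-major bump (e.g. 48.0 > 47.48) correctly.
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Map appliance name -> assessment for a dict of name -> version string."""
    return {name: assess(version) for name, version in inventory.items()}


# Constructed sample inventory for demonstration, not real appliances.
SAMPLE = {
    "gw-dmz-01": "14.1-47.46",
    "gw-dmz-02": "14.1-47.48",
    "adc-core-01": "13.1-59.22",
    "adc-fips-01": "13.1-37.240-FIPS",
    "adc-legacy-01": "13.0-92.21",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:14} {SAMPLE[name]:20} {verdict}")
```

Anything reported as "vulnerable" or "eol" should be patched or migrated, and then checked for signs of compromise as described in the Citrix bulletin, since a fix alone does not remove an attacker who is already present.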

Many unpatched instances

I took a look at hunter.io; in the following tweet they write that over 183,900 vulnerable instances were found.

Citrix Instances with vulnerabilities
