PT-2025-34761 · Citrix · Netscaler Gateway +1

Published 2025-08-26 · Updated 2025-10-14 · CVE-2025-7775

CVSS v3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48; 13.1 before 13.1-59.22; 13.1-FIPS and 13.1-NDcPP before 13.1-37.241-FIPS and NDcPP; 12.1-FIPS and 12.1-NDcPP before 12.1-55.330-FIPS and NDcPP. The non-FIPS 12.1 and 13.0 branches are end of life, receive no fix, and are also vulnerable.
Description: Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that an unauthenticated remote attacker can trigger over the network, leading to remote code execution (RCE) and/or denial of service (DoS). Exploitation was observed in the wild before the vendor advisory was published. An appliance is affected only in specific configurations: when it is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server; when an LB virtual server of type HTTP, SSL or HTTP_QUIC is bound to IPv6 services, or to service groups bound to IPv6 servers; or when a CR virtual server of type HDX is present. Shortly after disclosure, roughly 28,000 internet-exposed instances were reported as still unpatched, and attackers reportedly used automation frameworks such as HexStrike-AI to exploit the flaw at scale.
Recommendations: Upgrade to a fixed build of NetScaler ADC and NetScaler Gateway: 14.1-47.48, 13.1-59.22, 13.1-37.241-FIPS/NDcPP or 12.1-55.330-FIPS/NDcPP, or a later build of the same branch. Citrix publishes no workaround, so end-of-life 12.1 and 13.0 deployments must be migrated to a supported branch. Keep the management interface (NSIP) off the internet behind a VPN or IP allowlist; this is good hygiene but does not mitigate the flaw itself, which is reachable through the exposed Gateway, AAA and LB virtual servers. Because exploitation predates the fix, treat exposed appliances as potentially compromised after patching: inspect the appliance for webshells and unexpected files, review HTTP access and authentication logs for anomalous requests, and rotate credentials and certificates that an attacker with code execution on the appliance could have read.
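As an added worked example (not Citrix's tooling and not part of the original advisory page), the script below turns the affected-version list and the exposure conditions above into two offline checks: one compares a version string (as printed by `show ns version`, or in the short `14.1-47.46` form) against the fixed builds quoted on this page, the other walks a `show ns runningconfig` dump and lists every virtual server that meets a listed precondition. The fixed builds come from this page; the command syntax it parses (`add`/`bind` lines for server, service, serviceGroup and lb/vpn/authentication/cr vserver objects), the sample config and names such as `gw_corp` are assumptions constructed for the example. It goes slightly beyond the page by resolving named server objects and service-group members to decide whether an LB vserver has an IPv6 backend.

```python
import ipaddress
import re

# Fixed builds exactly as listed on this page: (branch, fips_or_ndcpp) -> (build, minor)
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
EOL_BRANCHES = {"12.1", "13.0"}  # non-FIPS branches with no fix: treat as vulnerable
# Accepts "14.1-47.46" or the `show ns version` form "NetScaler NS14.1: Build 47.46.nc".
_VERSION_RE = re.compile(r"(\d+\.\d+)[-: ]+(?:Build\s+)?(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, build, minor) from a NetScaler version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def is_vulnerable_build(text, fips=False):
    """True if the build predates the fixed build for its branch, or the branch is EOL."""
    branch, build, minor = parse_version(text)
    if (branch, fips) in FIXED_BUILDS:
        return (build, minor) < FIXED_BUILDS[(branch, fips)]
    if branch in EOL_BRANCHES and not fips:
        return True
    raise ValueError(f"branch {branch} (fips={fips}) is not covered by the advisory as quoted here")


def _is_ipv6(addr, servers):
    # addr is an IP literal or a named server object; hostnames cannot be classified offline
    try:
        return ipaddress.ip_address(servers.get(addr, addr)).version == 6
    except ValueError:
        return False


def exposed_vservers(config_text):
    """Return [(vserver, reason)] for each vserver matching a precondition listed above."""
    servers, services, groups, lb = {}, {}, {}, {}
    findings = []
    for raw in config_text.splitlines():   # assumes one add/bind command per line
        tok = raw.split()
        if len(tok) < 4:
            continue
        verb, obj = tok[0].lower(), tok[1].lower()
        if verb == "add" and obj == "server":
            servers[tok[2]] = tok[3]                      # add server NAME IP
        elif verb == "add" and obj == "service":
            services[tok[2]] = tok[3]                     # add service NAME IP|SERVER PROTO PORT
        elif obj == "servicegroup":
            members = groups.setdefault(tok[2], [])
            if verb == "bind" and not tok[3].startswith("-"):
                members.append(tok[3])                    # bind serviceGroup NAME IP|SERVER PORT
        elif len(tok) >= 5 and tok[2].lower() == "vserver":
            name, arg = tok[3], tok[4]
            if obj == "lb":
                entry = lb.setdefault(name, {"type": None, "bound": []})
                if verb == "add":
                    entry["type"] = arg.upper()           # add lb vserver NAME TYPE IP PORT
                elif verb == "bind" and not arg.startswith("-"):
                    entry["bound"].append(arg)            # bind lb vserver NAME SERVICE|GROUP
            elif verb == "add" and obj == "vpn":
                findings.append((name, "Gateway (VPN vserver)"))
            elif verb == "add" and obj == "authentication":
                findings.append((name, "AAA vserver"))
            elif verb == "add" and obj == "cr" and arg.upper() == "HDX":
                findings.append((name, "CR vserver of type HDX"))
    # HTTP/SSL/HTTP_QUIC LB vservers count only when a bound backend resolves to IPv6.
    for name, entry in lb.items():
        if entry["type"] not in {"HTTP", "SSL", "HTTP_QUIC"}:
            continue
        for member in entry["bound"]:
            targets = [services[member]] if member in services else groups.get(member, [])
            if any(_is_ipv6(t, servers) for t in targets):
                findings.append((name, f"{entry['type']} LB vserver with IPv6 backend via {member}"))
                break
    return findings


# Constructed sample config (not from a real appliance); addresses are documentation ranges.
SAMPLE_CONFIG = """\
add server app6 2001:db8::10
add service svc_app6 app6 HTTP 8080
add service svc_app4 192.0.2.10 HTTP 8080
add serviceGroup sg_api HTTP
bind serviceGroup sg_api 2001:db8::20 443
add lb vserver lb_web HTTP 203.0.113.5 80
bind lb vserver lb_web svc_app6
add lb vserver lb_legacy HTTP 203.0.113.6 80
bind lb vserver lb_legacy svc_app4
add lb vserver lb_api SSL 203.0.113.7 443
bind lb vserver lb_api sg_api
bind lb vserver lb_api -policyName rsp_pol -priority 100 -type REQUEST
add vpn vserver gw_corp SSL 203.0.113.10 443
add authentication vserver aaa_corp SSL 203.0.113.11 443
add cr vserver cr_hdx HDX 203.0.113.12 80
"""
```

Run `is_vulnerable_build("NetScaler NS14.1: Build 47.46.nc")` to get `True` (below 14.1-47.48) and `exposed_vservers(SAMPLE_CONFIG)` to list `gw_corp`, `aaa_corp`, `cr_hdx`, `lb_web` and `lb_api`; `lb_legacy` is not reported because its only backend is IPv4. A vulnerable build with no exposed vserver is still a patch priority, since a later configuration change can open it up; the config check is for ordering work, not for deciding to skip the upgrade.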

Tags: Fix · DoS · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers: BDU:2025-10349, CVE-2025-7775

Affected Products: NetScaler ADC, NetScaler Gateway